Combo-Fix Log
ComboFix 10-01-04.01 - Parker 01/05/2010 14:09:38.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2438 [GMT -5:00]
Running from: c:\users\Parker\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\$recycle.bin\S-1-5-21-4058851237-742780144-202118921-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\system32\drivers\H8SRTesblouwmsd.sys
c:\windows\system32\H8SRTkferdmemoc.dat
c:\windows\system32\H8SRTqnnjcxusph.dll
c:\windows\system32\H8SRTsxjiitpyeh.dll
c:\windows\system32\H8SRTxrphcrrute.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\oem8.inf
c:\windows\system32\SIntf16.dll
c:\windows\system32\srcr.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys
((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.
2010-01-05 19:19 . 2010-01-05 19:23 -------- d-----w- c:\users\Parker\AppData\Local\temp
2010-01-05 19:19 . 2010-01-05 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-01-05 06:21 . 2010-01-05 06:21 -------- d-----w- c:\programdata\Age of Empires 3
2010-01-05 06:01 . 2010-01-05 06:01 -------- d-----w- c:\program files\Common Files\Microsoft Games
2010-01-05 06:00 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-01 23:39 . 2010-01-01 23:44 -------- d-----w- C:\Combo-Fix
2009-12-30 02:58 . 2009-12-30 02:58 -------- d-----w- c:\users\Parker\AppData\Roaming\AVG9
2009-12-29 00:57 . 2009-12-29 00:57 -------- d-----w- C:\_OTM
2009-12-29 00:30 . 2009-12-29 20:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-29 00:12 . 2010-01-05 18:26 -------- d-----w- c:\programdata\PC Tools
2009-12-28 21:19 . 2009-12-29 20:08 -------- d-----w- c:\programdata\Lavasoft
2009-12-28 21:19 . 2009-12-28 21:19 -------- d-----w- c:\program files\Lavasoft
2009-12-28 20:56 . 2009-12-28 20:56 -------- d-----w- c:\users\Parker\AppData\Local\Threat Expert
2009-12-19 21:21 . 2009-12-19 21:22 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-12-19 21:21 . 2009-12-19 21:21 -------- d-----w- c:\program files\AviSynth 2.5
2009-12-19 21:20 . 2009-12-19 21:20 -------- d-----w- c:\program files\AML Products
2009-12-19 21:08 . 2009-12-29 20:02 -------- d-----w- c:\program files\AoA MP4 Converter
2009-12-19 20:25 . 2007-04-12 19:19 129024 ----a-w- c:\windows\system32\AVERM.dll
2009-12-19 20:25 . 2006-09-26 18:57 28672 ----a-w- c:\windows\system32\AVEQT.dll
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-12-09 08:05 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 08:05 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 08:05 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 00:22 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 00:22 . 2009-10-27 14:11 834048 ----a-w- c:\windows\system32\wininet.dll
2009-12-09 00:22 . 2009-10-27 13:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-12-09 00:22 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-08 15:40 . 2009-12-08 15:40 -------- d-----w- c:\program files\Windows Portable Devices
2009-12-08 07:43 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-12-08 07:43 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-12-08 07:43 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-12-08 07:43 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-12-08 07:43 . 2009-09-24 22:54 258048 ----a-w- c:\windows\system32\winspool.drv
2009-12-08 05:15 . 2009-12-08 05:15 -------- d-----w- C:\Scenario
2009-12-07 17:50 . 2009-12-07 17:50 -------- d-----w- c:\users\Parker\AppData\Roaming\Microsoft Games
2009-12-07 17:36 . 2009-12-07 17:36 -------- d-----w- c:\windows\system32\ca-ES
2009-12-07 17:36 . 2009-12-07 17:36 -------- d-----w- c:\windows\system32\eu-ES
2009-12-07 17:36 . 2009-12-07 17:36 -------- d-----w- c:\windows\system32\vi-VN
2009-12-07 17:16 . 2009-12-07 17:16 -------- d-----w- c:\windows\system32\EventProviders
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-05 19:22 . 2008-10-31 03:49 -------- d-----w- c:\program files\DNA
2010-01-05 19:22 . 2008-10-31 03:49 -------- d-----w- c:\users\Parker\AppData\Roaming\DNA
2010-01-05 19:19 . 2008-08-15 07:10 12 ----a-w- c:\windows\bthservsdp.dat
2010-01-05 18:00 . 2009-10-22 03:11 -------- d-----w- c:\programdata\avg9
2010-01-05 07:07 . 2008-08-26 02:34 27430 ----a-w- c:\users\Parker\AppData\Roaming\nvModes.dat
2010-01-05 06:01 . 2008-08-15 12:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-05 05:21 . 2006-11-02 12:37 -------- d-----w- c:\program files\Microsoft Games
2009-12-31 22:18 . 2009-10-16 03:01 -------- d-----w- c:\users\Parker\AppData\Roaming\uTorrent
2009-12-28 08:28 . 2008-11-18 18:38 7592 ----a-w- c:\users\Parker\AppData\Local\d3d9caps.dat
2009-12-27 16:56 . 2009-03-05 21:14 -------- d-----w- c:\users\Parker\AppData\Roaming\dvdcss
2009-12-18 19:26 . 2009-12-18 19:27 294656 ----a-w- c:\programdata\avg9\update\backup\avglngx.dll
2009-12-11 16:28 . 2009-12-11 16:29 4043032 ----a-w- c:\programdata\avg9\update\backup\avgui.exe
2009-12-11 16:28 . 2009-12-11 16:29 3776280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2009-12-11 16:27 . 2009-12-18 19:27 2352920 ----a-w- c:\programdata\avg9\update\backup\avgresf.dll
2009-12-11 16:27 . 2009-12-11 16:28 3967256 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2009-12-09 08:23 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 08:05 . 2008-08-15 12:32 -------- d-----w- c:\programdata\Microsoft Help
2009-12-08 15:39 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-12-08 15:29 . 2009-12-08 15:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-12-08 15:29 . 2009-12-08 15:29 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-12-07 17:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-12-07 17:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-12-07 17:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-12-07 17:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-12-07 17:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-12-07 17:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-12-05 20:17 . 2009-12-05 20:17 -------- d-----w- c:\program files\SoftByte Labs
2009-12-05 19:22 . 2009-12-05 19:22 -------- d-----w- c:\users\Parker\AppData\Roaming\Auslogics
2009-12-05 19:22 . 2009-12-05 19:22 -------- d-----w- c:\program files\Auslogics
2009-12-04 16:08 . 2009-12-11 16:29 2020120 ----a-w- c:\programdata\avg9\update\backup\avgtray.exe
2009-12-04 16:08 . 2009-12-11 16:29 1264408 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2009-12-04 16:08 . 2009-12-11 16:29 600344 ----a-w- c:\programdata\avg9\update\backup\avgnsx.exe
2009-12-04 16:08 . 2009-12-11 16:29 1475864 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2009-12-04 16:08 . 2009-12-11 16:28 1082648 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2009-12-04 16:08 . 2009-12-11 16:28 615704 ----a-w- c:\programdata\avg9\update\backup\avgcertx.dll
2009-12-04 16:06 . 2009-12-11 16:26 844056 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2009-12-04 16:06 . 2009-12-11 16:26 1658136 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2009-12-04 15:03 . 2009-12-04 15:03 251376 ----a-w- c:\users\Parker\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2009-10-29 09:17 . 2009-12-05 08:02 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-08 21:08 . 2009-12-08 07:42 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-08 21:08 . 2009-12-08 07:42 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 21:07 . 2009-12-08 07:42 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-15 12:28 . 2008-08-15 12:28 74 --sh--r- c:\windows\CT4CET.bin
2008-08-15 15:01 . 2008-08-15 15:00 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-02 18:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-15 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-12-05 323392]
"Google Update"="c:\users\Parker\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-13 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2008-02-29 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-12-03 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-25 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-25 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-25 81920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-19 3444736]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-11 49152]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-08-20 198160]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-01-02 405504]
c:\users\Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-8-15 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-08-15 12:47 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-09-17 13:05 222456 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):72,d1,32,03,65,77,ca,01
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [8/15/2008 2:09 AM 73728]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [4/28/2008 4:56 PM 161048]
S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [5/14/2008 10:32 AM 309744]
S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [5/14/2008 10:32 AM 166384]
S2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 9:23 PM 21504]
S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [5/14/2008 10:31 AM 1120752]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058851237-742780144-202118921-1000Core.job
- c:\users\Parker\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-13 02:13]
2010-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4058851237-742780144-202118921-1000UA.job
- c:\users\Parker\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-13 02:13]
2010-01-05 c:\windows\Tasks\User_Feed_Synchronization-{913A792D-D146-4175-889D-DCA3959939B1}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080815
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
FF - ProfilePath - c:\users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\u1a6q379.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.bloglines.com/myblogs
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\VistaCodecPack\rm\Netscape6\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\Netscape6\nprjplug.dll
FF - plugin: c:\program files\VistaCodecPack\rm\Netscape6\nprpjplug.dll
FF - plugin: c:\users\Parker\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\users\Parker\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\u1a6q379.default\extensions\[email protected]\plugins\npiaplayer.dll
FF - plugin: c:\users\Parker\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Winamp Toolbar for Firefox - c:\users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\u1a6q379.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\uninstall.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3240)
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\DellTPad\HidFind.exe
c:\program files\DellTPad\Apntex.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-01-05 14:30:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 19:30
Pre-Run: 4,127,416,320 bytes free
Post-Run: 13,131,161,600 bytes free
- - End Of File - - 487F2092851CFA515C31D25477F552EF
MBAM Log
Malwarebytes' Anti-Malware 1.43
Database version: 3497
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
1/5/2010 3:35:19 PM
mbam-log-2010-01-05 (15-35-19).txt
Scan type: Quick Scan
Objects scanned: 101278
Time elapsed: 4 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Users\Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\malware Defense (Rogue.MalwareDefense) -> Quarantined and deleted successfully.
Files Infected:
(No malicious items detected)
GMER Log
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-05 16:31:28
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Parker\AppData\Local\Temp\ufrorpog.sys
---- System - GMER 1.0.15 ----
SSDT 9C14331C ZwCreateThread
SSDT 9C143308 ZwOpenProcess
SSDT 9C14330D ZwOpenThread
SSDT 9C143317 ZwTerminateProcess
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001fe2d9f722
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001fe2d9f722 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
OTL Log
OTL Extras logfile created on: 1/5/2010 4:33:15 PM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Parker\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.46 Gb Total Space | 11.69 Gb Free Space | 8.57% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.73 Gb Free Space | 47.32% Space Free | Partition Type: NTFS
Drive E: | 607.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BIGBERTHA
Current User Name: Parker
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C3E3541-F8C8-4CF2-A7D9-87AAA69C72CC}" = rport=445 | protocol=6 | dir=out | app=system |
"{29620B54-A4AC-47A8-9232-28F632EEE7A0}" = lport=445 | protocol=6 | dir=in | app=system |
"{43E95E99-DFCB-494E-B8AB-D407DCD9564B}" = lport=139 | protocol=6 | dir=in | app=system |
"{466C3775-925A-4F68-B8E9-DEC4C4B8C6B2}" = rport=139 | protocol=6 | dir=out | app=system |
"{53BF0A91-0C5B-4798-8586-496C02CC11A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{5BDF921F-ED9F-4C00-BCD5-3CDB412F1522}" = lport=137 | protocol=17 | dir=in | app=system |
"{A1BDF72C-F43E-4EA2-9C43-4B1DD560D2FF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AF266631-4968-48B6-909C-55DEFBCA417F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D20A5746-B208-4729-A85D-678123A06D90}" = rport=137 | protocol=17 | dir=out | app=system |
"{D603851A-B1CE-424A-B75C-8C7071C94BA7}" = lport=138 | protocol=17 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{084CBBA5-3221-43DC-AD3A-6287C711CFBB}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1E3B68B1-ADDE-43EA-B56E-A586B75323FE}" = protocol=17 | dir=in | app=c:\users\parker\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{22A98A07-5C17-437B-9B49-0D1A02953B60}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{254F671E-AA58-4258-8E38-F47C5688BED8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{472AE8D7-3ABD-495C-8113-D85C2BA42563}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{4B5A5846-F249-4A8D-BED0-621066387E35}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4E9FF732-73CE-4CD0-810F-F394CD67FA66}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{523DC38A-04E7-4DD8-988D-D8D384576A35}" = protocol=17 | dir=in | app=c:\users\parker\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{647C9FC0-3505-4E9A-81A5-F7884E73A7EA}" = protocol=6 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe |
"{6C5AF769-1F18-4B68-A265-79C8BF9CD29D}" = protocol=6 | dir=in | app=c:\users\parker\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{75946A50-8B16-4588-B33E-68C058E1E505}" = protocol=17 | dir=in | app=c:\users\parker\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{76BDDC79-5E1C-4ADE-A286-3E630D9B0A25}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{77432E70-ED97-47A2-8674-D13155BBEA06}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{7FA073C5-C09D-4677-84D0-ADE7ECD4F8D9}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{81852408-DD36-484A-9DD2-8808DF41CB62}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8C4B697B-EBF5-41D4-ACA1-6BE21D88652B}" = protocol=17 | dir=in | app=c:\program files\microsoft games\rise of nations\thrones.exe |
"{925C86AF-51D5-4714-8F96-724681B3E57D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{95EE0788-8E48-44D2-8C96-0B542455B432}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{AB544735-4DC8-43AA-A5CD-E259A8704DB6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AC04017B-69DE-47F1-9357-02387624E546}" = protocol=6 | dir=in | app=c:\users\parker\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{C5652F95-4EA9-4F20-94E4-E94B76BCC405}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C6FDD143-FD3A-46FE-8E19-B0E3F20EF948}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{CE017B7B-4529-42F1-8AEC-ECD80E5501D9}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{D38056D8-BBA3-4A3A-A885-4A53C3E7659F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{DFE665A4-5F01-4E40-AC37-DA7CDE49DCBD}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E8020BAE-99B9-4891-A1E0-E8E2381B6A97}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{ED7CF9DF-3223-4E4B-89EB-F2BBCA5B3C7C}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{EDCDF90E-915A-4981-8408-45A64EFCAA53}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F182BD5E-68D0-4112-A453-E915A6FA54D2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F509A7AD-E7A5-4068-8753-5928E43EAFE7}" = protocol=6 | dir=in | app=c:\users\parker\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F8B37B8C-63B8-4C9D-BDA2-6BA5569652A9}" = protocol=17 | dir=in | app=c:\users\parker\appdata\local\google\google talk plugin\googletalkplugin.dll |
"{FB8C713B-CFA8-4C0D-9C3B-DCE12F58528E}" = protocol=6 | dir=in | app=c:\users\parker\appdata\local\google\google talk plugin\googletalkplugin.dll |
"TCP Query User{31B6D1A0-A723-43B3-87A5-2B8D90C5F099}C:\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"TCP Query User{93A5E6FD-393A-425D-B85A-FE59A8065E19}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{CF2A362E-8BA2-41CA-97B8-619E168B718B}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"UDP Query User{915A4CEF-2FA1-4BA3-904E-D55CE0F35007}C:\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"UDP Query User{D02CDB52-2073-4E74-B9CB-106B2CA76130}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{E24B0767-F934-40C1-B237-7A595941775C}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{255909FA-8E58-4BC2-A83A-3C71EB5DD6EC}" = EarthLink Setup Files
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{2FC02AE3-3BDB-4AAD-85CE-0568724F64B3}" = ComparatorPro
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D3D561-D1FD-4d57-8395-20030467E0F9}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D9D85F6B-F865-4845-BC90-45986D74E826}_is1" = Power Audio Video DVD Converter 3.0
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Diablo II" = Diablo II
"eMusic Download Manager" = eMusic Download Manager 4.1.3
"ERUNT_is1" = ERUNT 1.1j
"EV Nova" = EV Nova (remove only)
"ExpressBurn" = Express Burn
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPOCR" = HP OCR Software 8.0
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Basic)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"uTorrent" = µTorrent
"VLC media player" = VLC media player 0.9.8a
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar for Internet Explorer
"WindowBlinds" = WindowBlinds
"WinRAR archiver" = WinRAR archiver
"Xilisoft iPod Manager" = Xilisoft iPod Rip
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"BitTorrent DNA" = DNA
"Diablo II" = Diablo II
"Move Media Player" = Move Media Player
========== Last 10 Event Log Errors ==========
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
< End of report >
OTL logfile created on: 1/5/2010 4:33:15 PM - Run 1
OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Parker\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.46 Gb Total Space | 11.69 Gb Free Space | 8.57% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.73 Gb Free Space | 47.32% Space Free | Partition Type: NTFS
Drive E: | 607.25 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BIGBERTHA
Current User Name: Parker
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ==========
PRC - [2010/01/05 16:31:54 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Parker\Desktop\OTL.exe
PRC - [2009/12/16 17:15:43 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/05 11:00:30 | 00,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/09/21 15:36:12 | 00,305,440 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/08/19 23:58:00 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/12 16:11:01 | 08,318,056 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 01:27:36 | 02,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 12:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/08/29 18:12:56 | 00,230,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe
PRC - [2008/08/15 07:36:54 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/05/19 01:26:20 | 03,444,736 | ---- | M] (Dell Inc.) -- C:\Windows\System32\WLTRAY.EXE
PRC - [2008/05/19 01:26:20 | 00,024,064 | ---- | M] () -- C:\Windows\System32\WLTRYSVC.EXE
PRC - [2008/05/19 01:25:26 | 02,506,752 | ---- | M] (Dell Inc.) -- C:\Windows\System32\BCMWLTRY.EXE
PRC - [2008/05/13 16:33:10 | 01,058,088 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/04/28 16:56:28 | 00,161,048 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/04/26 16:14:22 | 00,099,752 | ---- | M] () -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
PRC - [2008/01/20 21:25:33 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/01 23:37:16 | 00,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2008/01/01 23:37:08 | 00,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2008/01/01 23:37:02 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/12/21 10:58:06 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/12/03 00:58:54 | 00,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/09/24 04:27:38 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2007/09/24 04:27:30 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2007/09/24 04:27:28 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2007/09/24 04:27:28 | 00,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2007/01/02 20:40:10 | 00,210,520 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2006/12/10 20:52:38 | 00,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
PRC - [2006/12/10 20:51:08 | 00,271,960 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
PRC - [2006/11/03 18:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2006/08/04 19:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
========== Modules (SafeList) ==========
MOD - [2010/01/05 16:31:54 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Parker\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 01,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- -- (SessionLauncher)
SRV - [2009/09/24 20:27:04 | 00,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/21 15:36:02 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/07/21 13:34:33 | 00,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/07/09 11:22:18 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/13 15:48:22 | 00,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/01/26 20:09:10 | 00,137,200 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/04 00:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/29 18:12:56 | 00,230,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe -- (WindowBlinds)
SRV - [2008/08/15 07:47:45 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/05/19 01:26:20 | 00,024,064 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2008/05/14 10:32:18 | 00,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2008/05/14 10:32:10 | 00,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2008/05/14 10:31:38 | 01,120,752 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/04/28 16:56:28 | 00,161,048 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/03/24 07:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2008/01/20 21:23:32 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/16 18:14:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/01/16 18:14:18 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/01/01 23:37:08 | 00,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2008/01/01 23:37:02 | 00,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/10/14 20:15:52 | 00,663,552 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007/02/28 01:00:14 | 00,225,280 | ---- | M] (Hewlett-Packard Co.) [On_Demand | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/02/28 01:00:14 | 00,131,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/08/04 19:39:20 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...amp;ibd=0080815
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bloglines.com/myblogs"
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.10
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe41}:1.0.9
FF - prefs.js..extensions.enabledItems: [email protected]:0.4.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:0.9947
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: [email protected]:0.1.9
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2009/10/11 12:47:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2009/10/11 12:47:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/16 17:15:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 17:15:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/10/11 12:47:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2008/08/24 17:57:43 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\Mozilla\Extensions
[2010/01/05 12:56:02 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\u1a6q379.default\extensions
[2009/12/15 00:19:05 | 00,000,000 | ---D | M] (Screengrab) -- C:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\u1a6q379.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/08/09 21:38:10 | 00,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\u1a6q379.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2009/05/19 14:34:16 | 00,000,000 | ---D | M] (No name found) -- C:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\u1a6q379.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe41}
[2009/02/04 11:44:11 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\u1a6q379.default\extensions\[email protected]
[2009/08/09 21:39:25 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\u1a6q379.default\extensions\[email protected]
[2009/08/09 21:39:25 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\u1a6q379.default\extensions\[email protected]
[2009/01/02 19:43:06 | 00,001,196 | ---- | M] () -- C:\Users\Parker\AppData\Roaming\Mozilla\Firefox\Profiles\u1a6q379.default\searchplugins\winamp-search.xml
[2008/08/24 17:57:12 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/01/07 19:45:16 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
[2009/03/02 01:02:58 | 00,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Users\Parker\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.71.230 68.87.73.246
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\WBSrv: DllName - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/08/17 15:29:09 | 01,049,968 | R--- | M] (Microsoft Corporation) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2007/06/19 15:58:38 | 00,000,225 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/01/20 21:34:27 | 00,000,000 | ---D | M]
NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!
========== Files/Folders - Created Within 14 Days ==========
[2010/01/05 16:31:54 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Parker\Desktop\OTL.exe
[2010/01/05 15:51:36 | 00,000,000 | ---D | C] -- C:\Users\Parker\Desktop\gmer
[2010/01/05 15:41:24 | 00,096,104 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010/01/05 15:41:24 | 00,055,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010/01/05 15:41:24 | 00,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010/01/05 15:41:23 | 00,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/01/05 15:41:23 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2010/01/05 15:29:44 | 00,000,000 | ---D | C] -- C:\Users\Parker\AppData\Roaming\Malwarebytes
[2010/01/05 15:29:41 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/01/05 15:29:39 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/01/05 15:29:39 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/01/05 15:29:39 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/01/05 15:28:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/01/05 15:27:54 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Parker\Desktop\erunt_setup.exe
[2010/01/05 15:25:44 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Users\Parker\Desktop\TFC.exe
[2010/01/05 14:40:35 | 00,452,096 | ---- | C] (OldTimer Tools) -- C:\Users\Parker\Desktop\OTM.exe
[2010/01/05 14:21:55 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/01/05 14:19:19 | 00,000,000 | ---D | C] -- C:\Users\Parker\AppData\Local\temp
[2010/01/05 13:55:27 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/01/05 13:51:54 | 00,000,000 | ---D | C] -- C:\Users\Parker\Desktop\UACd-sys-Virus-something-Disabled-Malwarebytes-etc-t247987_files
[2010/01/05 01:21:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Age of Empires 3
[2010/01/05 01:01:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Games
[2010/01/01 18:40:55 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/01/01 18:40:55 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/01/01 18:40:55 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/01/01 18:39:11 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2010/01/01 18:35:00 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/01/01 18:33:24 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/29 21:58:15 | 00,000,000 | ---D | C] -- C:\Users\Parker\AppData\Roaming\AVG9
[2009/12/29 20:29:06 | 05,061,512 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Parker\Desktop\mbam-setup.exe
[2009/12/28 19:57:02 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/12/28 19:30:11 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/12/28 19:12:28 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/12/28 16:19:09 | 00,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2009/12/28 16:19:09 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/12/28 16:04:57 | 00,000,000 | R--D | C] -- C:\Users\Parker\Searches
[2009/12/28 15:56:35 | 00,000,000 | ---D | C] -- C:\Users\Parker\AppData\Local\Threat Expert
========== Files - Modified Within 14 Days ==========
[2010/01/05 16:34:06 | 03,932,160 | -HS- | M] () -- C:\Users\Parker\ntuser.dat
[2010/01/05 16:34:00 | 00,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4058851237-742780144-202118921-1000UA.job
[2010/01/05 16:31:54 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Parker\Desktop\OTL.exe
[2010/01/05 16:29:59 | 00,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{913A792D-D146-4175-889D-DCA3959939B1}.job
[2010/01/05 15:51:17 | 00,284,915 | ---- | M] () -- C:\Users\Parker\Desktop\gmer.zip
[2010/01/05 15:48:38 | 00,027,430 | ---- | M] () -- C:\Users\Parker\AppData\Roaming\nvModes.001
[2010/01/05 15:48:08 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/01/05 15:48:08 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/01/05 15:48:06 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/01/05 15:48:03 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/01/05 15:47:59 | 32,191,73376 | -HS- | M] () -- C:\hiberfil.sys
[2010/01/05 15:46:51 | 00,524,288 | -HS- | M] () -- C:\Users\Parker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/01/05 15:46:51 | 00,065,536 | -HS- | M] () -- C:\Users\Parker\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/01/05 15:46:30 | 00,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/01/05 15:46:24 | 02,825,150 | -H-- | M] () -- C:\Users\Parker\AppData\Local\IconCache.db
[2010/01/05 15:41:28 | 00,001,849 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/01/05 15:39:15 | 30,909,992 | ---- | M] () -- C:\Users\Parker\Desktop\avira_antivir_personal_en.exe
[2010/01/05 15:29:43 | 00,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/05 15:29:22 | 05,061,512 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Parker\Desktop\mbam-setup.exe
[2010/01/05 15:28:25 | 00,000,915 | ---- | M] () -- C:\Users\Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/05 15:28:16 | 00,000,735 | ---- | M] () -- C:\Users\Parker\Desktop\NTREGOPT.lnk
[2010/01/05 15:28:16 | 00,000,716 | ---- | M] () -- C:\Users\Parker\Desktop\ERUNT.lnk
[2010/01/05 15:27:54 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Parker\Desktop\erunt_setup.exe
[2010/01/05 15:25:44 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Users\Parker\Desktop\TFC.exe
[2010/01/05 14:40:36 | 00,452,096 | ---- | M] (OldTimer Tools) -- C:\Users\Parker\Desktop\OTM.exe
[2010/01/05 14:21:52 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/01/05 14:21:47 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/01/05 13:55:19 | 03,819,182 | R--- | M] () -- C:\Users\Parker\Desktop\Combo-Fix.exe
[2010/01/05 13:54:21 | 00,218,594 | ---- | M] () -- C:\Users\Parker\Desktop\fixerer.docx
[2010/01/05 13:54:21 | 00,000,162 | -H-- | M] () -- C:\Users\Parker\Desktop\~$ixerer.docx
[2010/01/05 13:51:55 | 00,211,619 | ---- | M] () -- C:\Users\Parker\Desktop\UACd-sys-Virus-something-Disabled-Malwarebytes-etc-t247987.html
[2010/01/05 02:11:13 | 00,153,088 | ---- | M] () -- C:\Users\Parker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/05 02:07:35 | 00,027,430 | ---- | M] () -- C:\Users\Parker\AppData\Roaming\nvModes.dat
[2010/01/04 01:51:13 | 00,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4058851237-742780144-202118921-1000Core.job
[2009/12/30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/30 14:54:58 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/30 14:19:31 | 00,926,608 | ---- | M] () -- C:\Users\Parker\Desktop\longmoon.pdf
[2009/12/28 03:28:49 | 00,007,592 | ---- | M] () -- C:\Users\Parker\AppData\Local\d3d9caps.dat
[2009/12/28 00:57:18 | 00,000,008 | ---- | M] () -- C:\ProgramData\sysReserve.ini
[2009/12/27 12:17:56 | 00,139,759 | ---- | M] () -- C:\Users\Parker\Desktop\Fellsmap.jpg
========== Files Created - No Company Name ==========
[2010/01/05 15:51:16 | 00,284,915 | ---- | C] () -- C:\Users\Parker\Desktop\gmer.zip
[2010/01/05 15:41:28 | 00,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/01/05 15:38:52 | 30,909,992 | ---- | C] () -- C:\Users\Parker\Desktop\avira_antivir_personal_en.exe
[2010/01/05 15:29:43 | 00,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/05 15:28:25 | 00,000,915 | ---- | C] () -- C:\Users\Parker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/01/05 15:28:16 | 00,000,735 | ---- | C] () -- C:\Users\Parker\Desktop\NTREGOPT.lnk
[2010/01/05 15:28:16 | 00,000,716 | ---- | C] () -- C:\Users\Parker\Desktop\ERUNT.lnk
[2010/01/05 13:54:21 | 00,000,162 | -H-- | C] () -- C:\Users\Parker\Desktop\~$ixerer.docx
[2010/01/05 13:54:19 | 00,218,594 | ---- | C] () -- C:\Users\Parker\Desktop\fixerer.docx
[2010/01/05 13:51:54 | 00,211,619 | ---- | C] () -- C:\Users\Parker\Desktop\UACd-sys-Virus-something-Disabled-Malwarebytes-etc-t247987.html
[2010/01/01 18:40:55 | 00,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010/01/01 18:40:55 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/01/01 18:40:55 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/01/01 18:40:55 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/01/01 18:40:55 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/12/30 14:19:27 | 00,926,608 | ---- | C] () -- C:\Users\Parker\Desktop\longmoon.pdf
[2009/12/29 20:41:36 | 03,819,182 | R--- | C] () -- C:\Users\Parker\Desktop\Combo-Fix.exe
[2009/12/28 00:57:18 | 00,000,008 | ---- | C] () -- C:\ProgramData\sysReserve.ini
[2009/12/27 12:17:53 | 00,139,759 | ---- | C] () -- C:\Users\Parker\Desktop\Fellsmap.jpg
[2009/12/19 15:25:52 | 00,129,024 | ---- | C] () -- C:\Windows\System32\AVERM.dll
[2009/12/19 15:25:52 | 00,028,672 | ---- | C] () -- C:\Windows\System32\AVEQT.dll
[2009/11/04 11:58:41 | 00,217,088 | ---- | C] () -- C:\Windows\System32\avformat-50.dll
[2009/11/04 11:58:41 | 00,018,432 | ---- | C] () -- C:\Windows\System32\avutil-49.dll
[2009/11/04 11:58:40 | 01,984,512 | ---- | C] () -- C:\Windows\System32\avcodec-51.dll
[2009/08/16 11:17:32 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/08/16 11:17:32 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/08/07 21:59:35 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/03/09 14:24:15 | 00,001,625 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009/03/07 09:30:13 | 00,000,050 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/02/02 22:51:14 | 00,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/01/02 20:09:34 | 00,000,000 | ---- | C] () -- C:\Windows\WB.ini
[2009/01/02 20:04:41 | 00,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008/12/12 01:00:41 | 00,096,968 | ---- | C] () -- C:\Users\Parker\AppData\Local\rx_audio.Cache
[2008/12/12 01:00:41 | 00,002,376 | ---- | C] () -- C:\Users\Parker\AppData\Local\rx_image32.Cache
[2008/12/07 12:08:06 | 00,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/12/07 12:08:04 | 00,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/12/05 17:23:19 | 00,000,140 | ---- | C] () -- C:\Users\Parker\AppData\Roaming\EV Nova Prefs.prf
[2008/12/05 17:23:19 | 00,000,057 | ---- | C] () -- C:\Users\Parker\AppData\Roaming\EV Nova License.lcs
[2008/11/18 13:38:23 | 00,007,592 | ---- | C] () -- C:\Users\Parker\AppData\Local\d3d9caps.dat
[2008/08/26 00:05:42 | 00,027,430 | ---- | C] () -- C:\Users\Parker\AppData\Roaming\nvModes.001
[2008/08/25 21:34:29 | 00,027,430 | ---- | C] () -- C:\Users\Parker\AppData\Roaming\nvModes.dat
[2008/08/24 22:20:43 | 00,153,088 | ---- | C] () -- C:\Users\Parker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/15 10:04:12 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/08/15 07:29:30 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/07/23 11:50:52 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/23 11:47:34 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/07/23 11:47:34 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/07/23 11:46:38 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/09/04 10:56:10 | 00,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/02/05 19:05:26 | 00,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/03 17:25:56 | 00,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 12:56:00 | 01,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2009/12/05 14:22:43 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\Auslogics
[2009/12/29 21:58:15 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\AVG9
[2009/09/27 17:33:45 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\BitTorrent
[2009/02/27 12:12:09 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\Broad Intelligence
[2009/01/14 20:53:18 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\Crayon Physics Deluxe
[2010/01/05 16:28:52 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\DNA
[2009/09/22 23:54:40 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\eMusic
[2009/03/09 14:49:41 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\Image Zone Express
[2009/09/10 20:51:28 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\ourTunes
[2009/03/09 14:49:41 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\Printer Info Cache
[2009/09/23 13:57:39 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\Thunderbird
[2009/12/31 17:18:47 | 00,000,000 | ---D | M] -- C:\Users\Parker\AppData\Roaming\uTorrent
[2010/01/05 15:46:30 | 00,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/01/05 16:29:59 | 00,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{913A792D-D146-4175-889D-DCA3959939B1}.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 21:23:01 | 00,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 04:49:52 | 00,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2008/08/15 10:00:42 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008/08/15 10:00:42 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 00,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:23:00 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 00,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/08/15 10:00:41 | 00,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 04:46:03 | 00,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2007/02/12 16:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Drivers\storage\R154200\iastor.sys
[2007/02/12 16:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iastor.sys
[2007/02/12 16:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys
[2007/02/12 16:36:54 | 00,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8f0cb06b\iaStor.sys
< MD5 for: IASTORV.SYS >
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 21:23:23 | 00,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 01:28:23 | 00,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 21:24:05 | 00,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 21:23:21 | 00,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008/01/20 21:24:50 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 01:28:24 | 00,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2008/05/19 01:25:24 | 00,054,784 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\bcmwlrmt.dll
[2009/04/11 01:27:47 | 00,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 00,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< %systemroot%\Tasks\*.job /lockedfiles >
========== Alternate Data Streams ==========
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:3AEA6AF9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >
Thank you for the help.