I was getting help from someone in "Am I Infected" and he said I had a bootkit and needed to come here. I tried doing the Prep guide, but DDS kept freezing my computer, so he told me to do an OTL scan and post my logs here.
Here's the OTL.Txt file:
OTL logfile created on: 11/27/2011 7:24:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marc.rac2591-PC\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.13% Memory free
4.23 Gb Paging File | 2.73 Gb Available in Paging File | 64.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 19.19 Gb Free Space | 13.81% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.32 Gb Free Space | 33.18% Space Free | Partition Type: NTFS
Computer Name: RAC2591-PC | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Marc.rac2591-PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Windstream\Service Agent\ServicepointService.exe (Radialpoint SafeCare Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windstream\Diagnostic Tools\HsdService.exe (Windstream)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Windows\System32\dlbkcoms.exe ( )
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
========== Modules (No Company Name) ==========
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
========== Win32 Services (SafeList) ==========
SRV - (ACDaemon) -- File not found
SRV - (vToolbarUpdater) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe ()
SRV - (avgfws) -- C:\Program Files\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (IMFservice) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe (IObit)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (ServicepointService) -- C:\Program Files\Windstream\Service Agent\ServicepointService.exe (Radialpoint SafeCare Inc.)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HsdService) -- C:\Program Files\Windstream\Diagnostic Tools\HsdService.exe (Windstream)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (dlbk_device) -- C:\Windows\System32\dlbkcoms.exe ( )
========== Driver Services (SafeList) ==========
DRV - (FileMonitor) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys ()
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\AVGIDSShim.sys (AVG Technologies CZ, s.r.o. )
DRV - (UrlFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys (IObit.com)
DRV - (RegFilter) -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys (IObit.com)
DRV - (Avgrkx86) -- C:\Windows\system32\DRIVERS\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSEH) -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (ATMFNVsp) -- C:\Windows\System32\drivers\ATMFNVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ATMFCVsp) -- C:\Windows\System32\drivers\ATMFCVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ATMFVsp) -- C:\Windows\System32\drivers\ATMFVsp.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ATMFMdm) -- C:\Windows\System32\drivers\ATMFMdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV - (ATMFNET) -- C:\Windows\System32\drivers\ATMFNET.sys (DEVGURU Co., LTD.)
DRV - (ATMFBUS) -- C:\Windows\System32\drivers\ATMFBUS.sys (DEVGURU Co., LTD.)
DRV - (Smb) Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session) -- C:\Windows\System32\drivers\smb.sys ()
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PCASp50) -- C:\Windows\System32\drivers\PCASp50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)
DRV - (ZSMC301b) -- C:\Windows\System32\drivers\usbVM31b.sys (VM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1D 6C DF 01 D5 B3 8B 4D AD AB FF BB 3B 77 AA 09 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1D 6C DF 01 D5 B3 8B 4D AD AB FF BB 3B 77 AA 09 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1D 6C DF 01 D5 B3 8B 4D AD AB FF BB 3B 77 AA 09 [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 1D 6C DF 01 D5 B3 8B 4D AD AB FF BB 3B 77 AA 09 [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=1080501
IE - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Windstream\Service Agent\nprpspa.dll (Windstream)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\12\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.2: C:\Users\Marc.rac2591-PC\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\4.bin
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\27ffxtbr@OurBabyMaker_27.com: C:\Program Files\OurBabyMaker_27\bar\1.bin [2010/12/04 20:29:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/03/26 12:22:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2011/11/13 20:10:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2011/11/22 09:44:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E1BED8CB-B0F9-4397-AE36-2278BB7C9C42}: C:\Users\Marc.rac2591-PC\AppData\Local\{E1BED8CB-B0F9-4397-AE36-2278BB7C9C42}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\info@friendschecker.com: C:\Program Files\FriendsChecker\DynConFf\
[2010/05/19 20:41:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\Mozilla\Extensions
[2010/03/14 20:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marc\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
========== Chrome ==========
CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110903104356.dll (McAfee, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.40\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {3EE8D0BE-F450-4EF2-97B9-AC2222D14DB3} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-893073134-3612679996-1911689176-1005..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Marc.rac2591-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - C:\Program Files\Winferno\PC Confidential\PCConfidential.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-893073134-3612679996-1911689176-1005\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89803B9F-D4E8-4EDC-84E0-834315E9FA0C}: DhcpNameServer = 192.168.254.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll ()
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Marc.rac2591-PC\Pictures\smokehouse.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marc.rac2591-PC\Pictures\smokehouse.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/11/27 19:22:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Marc.rac2591-PC\Desktop\OTL.exe
[2011/11/27 14:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/11/26 22:19:51 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Marc.rac2591-PC\Desktop\dds.scr
[2011/11/24 03:01:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/11/23 11:24:53 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/23 09:53:07 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Marc.rac2591-PC\Desktop\FixTDSS.exe
[2011/11/23 09:07:17 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Marc.rac2591-PC\Desktop\nick.com.exe
[2011/11/23 09:06:17 | 009,851,496 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Marc.rac2591-PC\Desktop\mbam-setup.exe
[2011/11/23 09:04:41 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
[2011/11/23 06:55:07 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\xF33pG5adWKf9hX
[2011/11/23 06:55:06 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\gVeellOBtzP0cAi
[2011/11/23 06:14:37 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011/11/23 02:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\2EF04
[2011/11/23 02:19:53 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AV Protection 2011
[2011/11/23 02:19:51 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\RdWK8fRL9TqUeIr
[2011/11/23 02:19:51 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\KPNyxA1uv2b3m5Q
[2011/11/23 02:19:47 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\8002E
[2011/11/23 02:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2011/11/23 02:19:39 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\LS1ibD3on4m6W7E
[2011/11/23 02:19:37 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\xS2obF3pm5Q6W8R
[2011/11/22 21:46:19 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\SoftGrid Client
[2011/11/22 21:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2011/11/22 21:29:27 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\TP
[2011/11/20 22:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011/11/17 16:18:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011/11/17 09:57:18 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/11/17 09:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/11/13 20:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/11/13 20:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011/11/13 12:31:17 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\yahoo!
[2011/11/13 06:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(52)
[2011/11/11 17:52:04 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/11/11 17:19:14 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\AVG2012
[2011/11/11 17:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012
[2011/11/11 17:17:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2011/11/11 17:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2011/11/11 17:17:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2011/11/11 17:12:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2011/11/11 17:12:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2011/11/11 17:10:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2011/11/11 17:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/11/10 16:34:01 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/10 16:33:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/10 16:33:03 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/10 16:33:03 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/05 18:11:45 | 000,000,000 | -HSD | C] -- C:\Users\Marc.rac2591-PC\AppData\Local\b199ab89
[2011/11/01 11:14:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2011/11/01 11:14:42 | 000,000,000 | ---D | C] -- C:\Users\Marc.rac2591-PC\AppData\Roaming\IObit
[2011/11/01 11:14:40 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/02/17 11:34:10 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Marc.rac2591-PC\AppData\Roaming\pcouffin.sys
[2007/06/25 23:17:06 | 000,386,288 | ---- | C] ( ) -- C:\Windows\System32\dlbkih.exe
[2007/06/25 23:17:04 | 000,537,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkcoms.exe
[2007/06/25 23:17:00 | 000,382,192 | ---- | C] ( ) -- C:\Windows\System32\dlbkcfg.exe
[2007/03/21 15:41:30 | 000,073,728 | ---- | C] ( ) -- C:\Windows\System32\dlbkcu.dll
[2007/01/30 16:47:52 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlbkpmui.dll
[2007/01/30 16:46:00 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlbkserv.dll
[2007/01/30 16:38:18 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomm.dll
[2007/01/30 16:36:30 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlbklmpm.dll
[2007/01/30 16:35:00 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlbkiesc.dll
[2007/01/30 16:32:06 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlbkpplc.dll
[2007/01/30 16:31:08 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlbkcomc.dll
[2007/01/30 16:30:30 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlbkprox.dll
[2007/01/30 16:22:32 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlbkinpa.dll
[2007/01/30 16:21:46 | 000,995,328 | ---- | C] ( ) -- C:\Windows\System32\dlbkusb1.dll
[2007/01/30 16:17:02 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlbkhbn3.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Marc.rac2591-PC\Desktop\*.tmp files -> C:\Users\Marc.rac2591-PC\Desktop\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/11/27 19:33:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{9F03AC60-3413-43CF-9E38-C94C2082A5DA}.job
[2011/11/27 19:22:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Marc.rac2591-PC\Desktop\OTL.exe
[2011/11/27 18:50:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/27 18:06:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 18:06:40 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/27 16:43:02 | 110,914,329 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/27 16:30:52 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/27 16:30:50 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro startups.job
[2011/11/27 16:30:49 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job
[2011/11/27 14:09:30 | 000,001,653 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2011/11/27 14:06:55 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011/11/27 14:06:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/27 13:51:33 | 000,000,926 | -HS- | M] () -- C:\Users\Marc.rac2591-PC\AppData\Local\4d28gj7v57h501
[2011/11/27 13:51:33 | 000,000,926 | -HS- | M] () -- C:\ProgramData\4d28gj7v57h501
[2011/11/27 08:17:13 | 000,050,477 | ---- | M] () -- C:\Users\Marc.rac2591-PC\Desktop\Defogger.exe
[2011/11/27 04:42:25 | 000,250,681 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/11/26 22:19:55 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Marc.rac2591-PC\Desktop\dds.scr
[2011/11/26 21:55:21 | 000,000,000 | ---- | M] () -- C:\Users\Marc.rac2591-PC\defogger_reenable
[2011/11/25 21:19:39 | 000,000,865 | R-S- | M] () -- C:\Users\Marc.rac2591-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk
[2011/11/25 19:39:28 | 000,618,809 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/11/24 03:01:38 | 000,604,708 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/11/24 03:01:38 | 000,104,150 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/11/23 09:53:26 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Marc.rac2591-PC\Desktop\FixTDSS.exe
[2011/11/23 09:07:53 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/23 09:07:22 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Marc.rac2591-PC\Desktop\nick.com.exe
[2011/11/23 09:06:25 | 009,851,496 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Marc.rac2591-PC\Desktop\mbam-setup.exe
[2011/11/23 06:43:40 | 001,008,092 | ---- | M] () -- C:\Users\Marc.rac2591-PC\Desktop\rkill.com
[2011/11/23 02:36:51 | 000,001,864 | ---- | M] () -- C:\Users\Marc.rac2591-PC\AppData\Roaming\ahst.lni
[2011/11/23 02:18:48 | 000,008,160 | ---- | M] () -- C:\Users\Marc.rac2591-PC\AppData\Local\d3d9caps.dat
[2011/11/22 22:05:39 | 000,002,503 | ---- | M] () -- C:\Users\Marc.rac2591-PC\Desktop\HiJackThis.lnk
[2011/11/22 20:47:56 | 000,000,905 | ---- | M] () -- C:\Users\Marc.rac2591-PC\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/11/22 09:44:59 | 000,000,760 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/20 22:56:36 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/18 09:52:10 | 000,001,933 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/11/17 16:21:33 | 000,000,240 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/11/17 16:18:02 | 220,547,663 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/11/10 16:33:19 | 000,001,762 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Marc.rac2591-PC\Desktop\*.tmp files -> C:\Users\Marc.rac2591-PC\Desktop\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/27 16:43:02 | 110,914,329 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2011/11/27 13:51:33 | 000,000,926 | -HS- | C] () -- C:\Users\Marc.rac2591-PC\AppData\Local\4d28gj7v57h501
[2011/11/27 13:51:33 | 000,000,926 | -HS- | C] () -- C:\ProgramData\4d28gj7v57h501
[2011/11/27 08:16:59 | 000,050,477 | ---- | C] () -- C:\Users\Marc.rac2591-PC\Desktop\Defogger.exe
[2011/11/27 04:42:25 | 000,250,681 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2011/11/26 21:55:21 | 000,000,000 | ---- | C] () -- C:\Users\Marc.rac2591-PC\defogger_reenable
[2011/11/25 21:19:39 | 000,000,865 | R-S- | C] () -- C:\Users\Marc.rac2591-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk
[2011/11/25 19:39:28 | 000,618,809 | ---- | C] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[2011/11/23 06:43:40 | 001,008,092 | ---- | C] () -- C:\Users\Marc.rac2591-PC\Desktop\rkill.com
[2011/11/23 02:19:52 | 000,001,864 | ---- | C] () -- C:\Users\Marc.rac2591-PC\AppData\Roaming\ahst.lni
[2011/11/20 22:56:36 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011/11/17 16:21:33 | 000,000,240 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2011/11/17 16:18:02 | 220,547,663 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/11/17 09:57:19 | 000,002,503 | ---- | C] () -- C:\Users\Marc.rac2591-PC\Desktop\HiJackThis.lnk
[2011/11/16 17:08:38 | 000,001,653 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security.lnk
[2011/11/11 17:18:32 | 000,000,760 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2011/11/10 16:33:19 | 000,001,762 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/05/14 02:05:21 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011/05/13 17:28:38 | 000,000,120 | ---- | C] () -- C:\Users\Marc.rac2591-PC\AppData\Local\Fyalihocimafeyut.dat
[2011/05/13 17:28:38 | 000,000,000 | ---- | C] () -- C:\Users\Marc.rac2591-PC\AppData\Local\Fnoxodihoduc.bin
[2011/04/18 21:35:01 | 000,000,036 | ---- | C] () -- C:\Users\Marc.rac2591-PC\AppData\Roaming\lZJoYI4Nl0eqQ3j+wCKUIry3uRhdr21PeA==.trl
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/11/03 13:12:47 | 000,001,156 | -HS- | C] () -- C:\Windows\lcfep5.drv
[2010/09/18 11:20:29 | 000,144,904 | ---- | C] () -- C:\Windows\System32\Afm.dll
[2010/09/07 20:50:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\PrimoApimonnt.dll
[2010/09/07 20:50:26 | 000,000,311 | ---- | C] () -- C:\Windows\primoapi.ini
[2010/03/08 14:16:31 | 000,003,036 | ---- | C] () -- C:\Users\Marc.rac2591-PC\AppData\Roaming\wklnhst.dat
[2010/03/07 10:48:50 | 000,008,160 | ---- | C] () -- C:\Users\Marc.rac2591-PC\AppData\Local\d3d9caps.dat
[2010/02/17 11:34:10 | 000,007,887 | ---- | C] () -- C:\Users\Marc.rac2591-PC\AppData\Roaming\pcouffin.cat
[2010/02/17 11:34:10 | 000,001,144 | ---- | C] () -- C:\Users\Marc.rac2591-PC\AppData\Roaming\pcouffin.inf
[2010/02/09 17:10:01 | 000,001,041 | ---- | C] () -- C:\Users\Marc.rac2591-PC\AppData\Roaming\vso_ts_preview.xml
[2010/02/09 15:04:44 | 000,012,288 | ---- | C] () -- C:\Users\Marc.rac2591-PC\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/20 10:37:50 | 000,000,146 | ---- | C] () -- C:\Windows\WININIT.INI
[2010/01/18 02:20:19 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/01/18 00:42:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/18 00:42:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/01/18 00:41:22 | 000,066,560 | ---- | C] () -- C:\Windows\System32\drivers\smb.sys
[2009/12/14 00:23:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/05/19 21:21:09 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2008/09/05 16:56:30 | 000,000,094 | ---- | C] () -- C:\Windows\dellstat.ini
[2008/07/18 23:39:33 | 000,000,133 | ---- | C] () -- C:\Windows\7THLEVEL.INI
[2008/05/01 16:48:03 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2008/05/01 16:48:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/05/01 16:48:03 | 000,154,206 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/05/01 16:48:03 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2008/05/01 16:48:03 | 000,040,960 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2008/05/01 16:47:59 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/05/01 08:54:02 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2007/03/21 15:53:26 | 000,462,848 | ---- | C] () -- C:\Windows\System32\dlbkjswr.dll
[2007/03/21 15:53:16 | 000,090,112 | ---- | C] () -- C:\Windows\System32\dlbkcur.dll
[2007/03/21 15:41:20 | 000,413,696 | ---- | C] () -- C:\Windows\System32\dlbkutil.dll
[2007/02/23 00:32:00 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlbkcoin.dll
[2007/02/08 00:58:00 | 000,039,899 | ---- | C] () -- C:\Windows\System32\rtsicis.ini
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,506,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,604,708 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,104,150 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/12/16 21:15:44 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlbkvs.dll
[2005/09/13 23:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv5.dll
[2005/09/13 23:27:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlbkcnv4.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:C40E212B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:3F22DA14
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:C72A744C
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:926B6E7A
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:8E3D07DE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F878F14A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:E1069F99
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:E6A84C9D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:F9A04C32
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:A02025CE
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:3D36932D
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:32A82570
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:86F2D5A9
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:55818279
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
HERE'S THE Extras.Txt:
OTL Extras logfile created on: 11/27/2011 7:24:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Marc.rac2591-PC\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.18 Gb Available Physical Memory | 59.13% Memory free
4.23 Gb Paging File | 2.73 Gb Available in Paging File | 64.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138.96 Gb Total Space | 19.19 Gb Free Space | 13.81% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 3.32 Gb Free Space | 33.18% Space Free | Partition Type: NTFS
Computer Name: RAC2591-PC | User Name: Marc | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-893073134-3612679996-1911689176-1005\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10584325-55C7-4988-B5CF-BF31E391820A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1853BA13-845D-4FC1-AA6F-482BCAF17A33}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{31488F60-107A-4155-892C-391B4C64D2CB}" = rport=10243 | protocol=6 | dir=out | app=system |
"{562C8A24-2872-40B2-84D0-72E987546DAF}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9BD143E9-83E0-42B2-95C2-08981CFD85DD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{A1262178-47D9-46B1-9A3B-3DBFC7572F47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A9657F19-45F8-45AD-AA48-D54E021169D7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{AEB95B92-D1F7-49D5-91F9-7D1C9380E0C8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{B15AFE44-C3B8-434B-94DC-739841CB2457}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{B3B98971-E128-495B-8EF9-51891419D874}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D7D4CFF4-5020-44C4-A70C-469A6605E00C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=c:\windows\system32\svchost.exe |
"{D8A823F0-9A87-4134-BA59-329858B649E7}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=c:\windows\system32\svchost.exe |
"{E58CD49C-AD9F-4AD0-99C8-B39B8BB6B3BA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{F90430A4-851A-41F7-A106-DFF9CAEBBADC}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FE03DE5F-967E-40CD-A4E3-EF816118C5BD}" = lport=10243 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F29F47-1C5C-42BF-9EC6-BC624C9B504D}" = protocol=17 | dir=in | app=c:\program files\coolchaser toolbar\toolbarupdate.exe |
"{033D6F45-F7A8-4642-B852-B22FC614FD51}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{06913B4D-7B46-434D-8DB6-56BE01BD0749}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{0BE79884-1C38-48A0-ABAB-ED206381B9E7}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0C222893-7415-496A-88CC-73A856CB59FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0CCEA070-DDAD-4D69-AE6E-7DE3020481A9}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{11117094-15FE-4B78-A8BE-89AD7176B2E1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{13BB8A8D-CBF2-4C73-AB26-B9DAFB4384DD}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1405C7C3-52CE-4A3F-B689-FD77262A54BB}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{1A48C347-1216-43BB-9EB7-EF6C34DD53C7}" = protocol=6 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{28DBFC86-3057-41A3-A57F-1BDB149410CE}" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{29148CCE-8719-496E-AC44-5D206B34FFB7}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{350E0066-9F54-44B1-AB8B-5C9FFFCD4B7D}" = protocol=6 | dir=in | app=c:\program files\coolchaser toolbar\toolbarupdate.exe |
"{363274B9-8664-4A8A-95C2-424FD007CD5D}" = protocol=17 | dir=in | app=c:\users\rac2591\desktop\limewire\limewire.exe |
"{3967E082-4599-4B9D-8051-BF55416312D2}" = protocol=17 | dir=in | app=c:\users\rac2591\downloads\limewire\limewire.exe |
"{3A068768-A2B4-42D9-A085-E30E0AB3F95E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A3115C6-3DEF-4699-A2CA-1F49265369FD}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{3CA6B7DF-E7C1-4656-93E1-3474FE47E6CE}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{3EA1060D-1547-4827-843C-E0B47B862017}" = protocol=17 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{458F5D95-F0AF-41BD-A729-31FEEE76E2FF}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{4927E337-0490-4872-B9E4-55CC7216B6E9}" = protocol=6 | dir=in | app=c:\program files\coolchaser toolbar\troubleshooter.exe |
"{4AD8DF91-209F-405E-920E-2C02A3558ADB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4F8578DE-1BD8-4D0B-92E2-05E8C6E98169}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{517D8056-DC13-4936-9018-A71687D58056}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{5696610A-9C1C-4BE9-B8AC-2E91DE7305FB}" = protocol=6 | dir=in | app=c:\users\rac2591\desktop\limewire\limewire.exe |
"{67026DF0-A458-47FC-89A3-5605168585C2}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{692CF586-13FE-4963-B9A1-7603B2765E11}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{70E4F620-A395-48ED-B996-6DEE09DCEC16}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{74694573-FFED-4A82-9D9B-97EAE7A3412A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{7892D611-A28C-49B2-8B95-A0D426E2EB64}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{7B2A6353-6326-47F6-9E22-4A969023C511}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7C7C7F1C-6A9B-43DB-AD98-E25E958C8406}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7CCD3530-F7D5-4843-8AF8-0A37E154217E}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{84B207A6-CFC5-43B2-B8F7-8DFB9CC55AD7}" = protocol=6 | dir=out | app=system |
"{8B768B86-3251-46C3-ABF8-B36E478DA8FF}" = protocol=17 | dir=in | app=c:\users\rac2591\downloads\limewire\limewire.exe |
"{8BA19D56-B7C2-455E-BBF8-72317EB92620}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C04140D-58E7-4843-B1AC-8E160AFA61F0}" = protocol=6 | dir=in | app=c:\users\rac2591\downloads\limewire\limewire.exe |
"{8FE39EFA-0E49-470D-A0A1-5BFE3C522242}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{9C8F4720-0EB0-4EED-A192-926E2E505302}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{9CB2FCD4-1807-4468-BB7E-75DF3EC7E007}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{A05EF305-52FF-4C88-B189-CD4B7BBAD734}" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"{AB84B7B2-203B-48C7-B50E-5CD6A66B9C88}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{B1534680-A525-44CD-9647-4876C8CEDEAC}" = protocol=6 | dir=out | app=system |
"{B628DF55-3E6A-4A7E-B900-5267B5E3D061}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{B9598387-DBE2-4F5B-8417-18D327DE720C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{BB844729-DCA9-4B51-AA45-05F414EDC7A9}" = protocol=17 | dir=in | app=c:\program files\coolchaser toolbar\troubleshooter.exe |
"{C064AD46-4A6D-4293-9FD0-4B019BB3865C}" = protocol=6 | dir=in | app=c:\program files\windstream\service agent\servicepointservice.exe |
"{CB3C9A4A-A6E6-4A8A-8F2A-395B278B7F7A}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmpnetwk.exe |
"{CE065E6D-E679-49F0-A3C9-17546D4757E3}" = protocol=6 | dir=in | app=c:\users\rac2591\downloads\limewire\limewire.exe |
"{D033A292-496D-4E89-A168-B71F5C4253D5}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{D835198B-875D-40AD-95B5-2F2A5F041D78}" = protocol=17 | dir=in | app=c:\program files\windstream\service agent\servicepointservice.exe |
"{DEF60C89-FE5A-460B-97BA-EC27165BB21F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E110052E-9A3E-45DC-8004-0E4B795F2E74}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{E224746B-FBBE-43E1-B230-0F3AA935583B}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{E5B7AB15-A65C-4B60-B693-B2F3FD5028E6}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F40A93B9-58BA-4DF4-9F69-440639602633}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmpnetwk.exe |
"{F89AD54C-88B4-4494-B767-232BCA160895}" = protocol=6 | dir=in | app=c:\windows\system32\dlbkcoms.exe |
"{FD1CF25F-1A13-458D-BF99-B59A3B8DAF0A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{FF7F77AB-18CC-44F5-86FE-9091E00A1BB8}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"TCP Query User{07CFFDE6-D293-4636-92A0-CE5388A936C5}C:\program files\ringcentral\ringcentral call controller\rcui.exe" = protocol=6 | dir=in | app=c:\program files\ringcentral\ringcentral call controller\rcui.exe |
"TCP Query User{2204963B-91D0-44A9-B45C-173ED754546A}C:\program files\ringcentral\ringcentral call controller\rcui.exe" = protocol=6 | dir=in | app=c:\program files\ringcentral\ringcentral call controller\rcui.exe |
"TCP Query User{2CB694BB-47A4-4D1D-A303-C773EBCB3C34}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{39AFA738-1CB6-4602-BB47-3E3DC8EE3108}C:\users\brad\appdata\roaming\myspace\im\bin\myspaceim.exe" = protocol=6 | dir=in | app=c:\users\brad\appdata\roaming\myspace\im\bin\myspaceim.exe |
"TCP Query User{5FF41D7D-903B-4C71-984E-66266FEEDB00}C:\program files\frostwire\frostwire.exe" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"TCP Query User{654000DD-FC25-4A39-87D2-468188140645}C:\westwood\sun\game.icd" = protocol=6 | dir=in | app=c:\westwood\sun\game.icd |
"TCP Query User{69B8511C-24F8-46FE-AE82-AB8C6AFEB040}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{91E59647-FFAC-41B9-B4A3-584197177EA3}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"TCP Query User{A040ED97-92C5-4592-9996-B4DCF2110B82}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A089D9F4-6447-47C4-AF5E-D37A3C5442E2}C:\program files\floor covering soft\fep\floorestimatepro.exe" = protocol=6 | dir=in | app=c:\program files\floor covering soft\fep\floorestimatepro.exe |
"TCP Query User{C97CCC73-FCD7-41A6-BA2C-B64C97DCCCFD}C:\users\misty\appdata\roaming\myspace\im\bin\myspaceim.exe" = protocol=6 | dir=in | app=c:\users\misty\appdata\roaming\myspace\im\bin\myspaceim.exe |
"UDP Query User{0454950F-AD34-4855-8CC4-78A5438622BD}C:\program files\ringcentral\ringcentral call controller\rcui.exe" = protocol=17 | dir=in | app=c:\program files\ringcentral\ringcentral call controller\rcui.exe |
"UDP Query User{1AF4FB28-A539-418A-B25A-3C7BCB8E943D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{364A758E-C3FB-468D-850D-B729E133E33D}C:\users\misty\appdata\roaming\myspace\im\bin\myspaceim.exe" = protocol=17 | dir=in | app=c:\users\misty\appdata\roaming\myspace\im\bin\myspaceim.exe |
"UDP Query User{48C7B202-D8BE-411D-99C1-BCD63F0E9CC7}C:\program files\floor covering soft\fep\floorestimatepro.exe" = protocol=17 | dir=in | app=c:\program files\floor covering soft\fep\floorestimatepro.exe |
"UDP Query User{784002F0-48C4-43D4-AC0C-D69D844187C1}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{7BC60674-E494-40ED-B1D3-18EC54AA4E72}C:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\yahoo! music jukebox\yahoomusicengine.exe |
"UDP Query User{8C286F80-BE02-4E35-9F2C-5797EA8B083D}C:\program files\frostwire\frostwire.exe" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"UDP Query User{9679573A-A34B-4601-975C-5213A797FF95}C:\program files\ringcentral\ringcentral call controller\rcui.exe" = protocol=17 | dir=in | app=c:\program files\ringcentral\ringcentral call controller\rcui.exe |
"UDP Query User{AD92920F-DBFB-4675-B6E5-F879D6283CE1}C:\westwood\sun\game.icd" = protocol=17 | dir=in | app=c:\westwood\sun\game.icd |
"UDP Query User{B04BAF62-C788-439B-9B02-E52A6431B05A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B36A0384-3304-41EC-9396-00ADCB7118D1}C:\users\brad\appdata\roaming\myspace\im\bin\myspaceim.exe" = protocol=17 | dir=in | app=c:\users\brad\appdata\roaming\myspace\im\bin\myspaceim.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series" = Canon MP250 series MP Drivers
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{16DABD39-A174-4C6B-A2C4-A492E64933C8}" = AVG 2012
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41F4B3D2-3CC8-41B5-99B8-3A9C1BCDEA0A}" = AVG 2012
"{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{740ed830-8014-4714-abc4-dd98b8549419}" = Virtual Casino
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.11.0
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80F28669-97B7-4CC9-B256-1F1BCFB7FDCF}" = AVG 2012
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DBCF56A-CDF0-41bf-BE0F-E00A88B18F56}" = Cricket EVDO Modem
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.5
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BE7B959B-BEB0-456C-BB55-60F5EAD8E9B0}" = Cricket Broadband 1.0
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{E24A0015-C73F-4B57-B8DF-5EB84D2E9685}" = Adobe Flash Player 10 ActiveX
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC3B8CA2-49B8-4D38-BE9C-ABD0F6029168}" = Yahoo! Music Jukebox
"{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVG" = AVG 2012
"Canon MP250 series User Registration" = Canon MP250 series User Registration
"CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"DivX Setup.divx.com" = DivX Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"ESET Online Scanner" = ESET Online Scanner v3
"FormMax Evaluation_is1" = FormMax Evaluation 3.5
"FrostWire" = FrostWire 4.21.5
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"IObit Malware Fighter_is1" = IObit Malware Fighter
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Virtual Technician" = McAfee Virtual Technician
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"MSC" = McAfee Internet Security
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NAVIGON Fresh" = NAVIGON Fresh 1.4.9
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"PCConfidential_is1" = PC Confidential 2008
"PROSetDX" = Intel® PRO Network Connections 12.1.11.0
"RadialpointClientGateway_is1" = Windstream Service Agent 4.1.10
"RadialpointHomeSecurityDashboard_is1" = Windstream Diagnostic Tools 3.0.21
"RadialpointSecurityAdvisorService_is1" = Radialpoint Security Advisor 2.5.15
"RealPlayer 12.0" = RealPlayer
"RingCentral" = RingCentral Call Controller
"SmartMusic for Essential Elements 2000 Band Book 1 Student Edition" = SmartMusic for Essential Elements 2000 Band Book 1 Student Edition
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"WildTangent wildgames Master Uninstall" = WildTangent Games
"Windstream_BCUC" = Windstream Broadband Check-up Center
"WinLiveSuite_Wave3" = Windows Live Essentials
"WTA-0b858a61-e5d8-4856-af71-690b9135ff7a" = Diego's Ultimate Rescue
"WTA-39776842-a5ae-4371-90b8-952e84680d4d" = Final Drive: Nitro
"WTA-3bef0332-65dd-4ca2-8090-7cd22ce115b1" = Deep Sea Tycoon
"WTA-3d93c0ad-d581-4f8a-a2d3-d34a00133d4f" = Eighteen Wheels of Steel Haulin'
"WTA-63f5754c-fae8-414a-8964-22643861fdb8" = Burger Bustle
"WTA-71f8236c-626c-4cce-a2a3-631764ca9f60" = Diego's Safari Adventure
"WTA-a4397a53-15da-4ee5-ae19-086231c35822" = Polar Tubing
"WTA-a64654e6-4370-424d-bbf6-904844876227" = 18 Wheels of Steel - American Long Haul
"WTA-b7466330-fa3c-4d24-a57f-8d999ed7c419" = Eighteen Wheels of Steel: Extreme Trucker 2
"WTA-b7de1873-0684-4de2-8135-129a14808410" = Dora's Carnival Adventure
"WTA-ef37bf4a-9287-4331-b9de-9505b2c110b2" = Prison Tycoon - Alcatraz
"WTA-fc4edf55-6320-4f41-bf23-6eeccbc465ac" = Diego's Dinosaur Adventure
"WTA-fd949dcb-e582-48cf-a6c5-c5602d0cc405" = Dora the Explorer - Swiper's Big Adventure
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-893073134-3612679996-1911689176-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"RadialpointServicepointDashboardExtensions_is1" = Radialpoint Servicepoint Dashboard Extensions version 11.7.24.5
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/27/2011 2:23:33 AM | Computer Name = rac2591-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11/27/2011 2:23:33 AM | Computer Name = rac2591-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11/27/2011 2:23:35 AM | Computer Name = rac2591-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11/27/2011 2:23:36 AM | Computer Name = rac2591-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11/27/2011 2:23:36 AM | Computer Name = rac2591-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11/27/2011 2:23:36 AM | Computer Name = rac2591-PC | Source = Windows Search Service | ID = 3013
Description =
Error - 11/27/2011 10:50:19 AM | Computer Name = rac2591-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
Error - 11/27/2011 12:57:07 PM | Computer Name = rac2591-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
Error - 11/27/2011 4:02:22 PM | Computer Name = rac2591-PC | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.6002.18005, time stamp
0x49e01da5, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436,
exception code 0xc000071c, fault offset 0x00089715, process id 0x2ae0, application
start time 0x01ccad3f712bc376.
Error - 11/27/2011 4:07:16 PM | Computer Name = rac2591-PC | Source = CVHSVC | ID = 100
Description = Information only. Error: Cannot connect to SoftGrid Service Type: 95::SoftGridConfigurationFailure.
[ Media Center Events ]
Error - 5/20/2009 2:21:38 PM | Computer Name = rac2591-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 6/9/2009 1:53:40 PM | Computer Name = rac2591-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
Error - 7/16/2009 5:26:16 PM | Computer Name = rac2591-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.
[ System Events ]
Error - 11/27/2011 12:56:38 PM | Computer Name = rac2591-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:46:40 AM on 11/27/2011 was unexpected.
Error - 11/27/2011 12:58:07 PM | Computer Name = rac2591-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 11/27/2011 12:58:07 PM | Computer Name = rac2591-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11/27/2011 12:58:07 PM | Computer Name = rac2591-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11/27/2011 12:58:28 PM | Computer Name = rac2591-PC | Source = Service Control Manager | ID = 7022
Description =
Error - 11/27/2011 4:03:26 PM | Computer Name = rac2591-PC | Source = DCOM | ID = 10010
Description =
Error - 11/27/2011 4:08:09 PM | Computer Name = rac2591-PC | Source = Service Control Manager | ID = 7009
Description =
Error - 11/27/2011 4:08:09 PM | Computer Name = rac2591-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11/27/2011 4:08:09 PM | Computer Name = rac2591-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 11/27/2011 4:09:00 PM | Computer Name = rac2591-PC | Source = Service Control Manager | ID = 7022
Description =
< End of report >
This post has been edited by Orange Blossom: 28 November 2011 - 02:40 AM
