
Unwanted Pop-ups from HandyInternetAdvice on Firefox


  • This topic is locked
4 replies to this topic

#1 Sportzfreak98


Posted 10 June 2009 - 12:12 AM

Hello,

Just the past day or two, I have been getting all these pop-ups, and a very slow response from my Firefox program. I found this site through a Google search, and was wondering if you guys could help me out. Here are some things that may be useful:

RSIT log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by Brian at 2009-06-10 01:06:38
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 532 GB (76%) free of 700 GB
Total RAM: 4094 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:06:50 AM, on 6/10/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Windows\vVX3000.exe
C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
c:\PROGRA~2\mcafee\msc\mcuimgr.exe
C:\Program Files (x86)\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe
C:\Program Files (x86)\Zilla Popup Killer\ZillaPop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Brian\Downloads\RSIT.exe
c:\PROGRA~2\mcafee\mpf\mc\mpfalert.exe
C:\Program Files (x86)\trend micro\Brian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=ZillaPopupKiller:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~2\mcafee\msk\mcapbho.dll
O2 - BHO: CookieHlprObj Class - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files (x86)\Zilla Popup Killer\ZillaBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
O2 - BHO: Ask.com Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HandyInternetAdvice - {DF037828-857E-D996-F703-F81E5C2A464C} - C:\Program Files (x86)\HandyInternetAdvice\HandyInternetAdvice.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: Ask.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Performance Center] "C:\Program Files (x86)\Ascentive\Performance Center\ApcMain.exe" -m
O4 - HKLM\..\Run: [PC SpeedScan Pro] "C:\Program Files (x86)\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe" -m
O4 - HKLM\..\Run: [PC ScanAndSweep] "C:\Program Files (x86)\Ascentive\PC ScanAndSweep\PCScanAndSweep.exe" -m
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Zilla Popup Killer] C:\Program Files (x86)\Zilla Popup Killer\ZillaPop.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\Program Files (x86)\OpinionSquare\opai.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13867 bytes

======Scheduled tasks folder======

C:\Windows\tasks\McDefragTask.job
C:\Windows\tasks\MCE Tunes Auto Sync.job
C:\Windows\tasks\McQcTask.job
C:\Windows\tasks\RtlNICDiagVistaStart.job
C:\Windows\tasks\User_Feed_Synchronization-{20D786F1-A64A-4D53-9976-8AB1B9698033}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{377C180E-6F0E-4D4C-980F-F45BD3D40CF4}]
McAfee Phishing Filter - c:\PROGRA~2\mcafee\msk\mcapbho.dll [2007-11-26 324936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4DF1DB24-A57C-11d3-A180-00A0C90AE44B}]
CookieHlprObj Class - C:\Program Files (x86)\Zilla Popup Killer\ZillaBHO.dll [2000-04-27 69632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-15 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]
AIM Toolbar Loader - C:\Program Files (x86)\AIM Toolbar\aimtb.dll [2008-10-07 1275176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-29 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files (x86)\Dell\BAE\BAE.dll [2006-11-09 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask.com Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2009-02-26 809864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2009-05-04 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DF037828-857E-D996-F703-F81E5C2A464C}]
HandyInternetAdvice - C:\Program Files (x86)\HandyInternetAdvice\HandyInternetAdvice.dll [2009-06-03 154112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files (x86)\AIM Toolbar\aimtb.dll [2008-10-07 1275176]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll [2009-04-29 259696]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask.com Toolbar - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2009-02-26 809864]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Java\jre6\bin\jusched.exe [2009-05-04 148888]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"mcagent_exe"=C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2008-05-23 128296]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"Performance Center"=C:\Program Files (x86)\Ascentive\Performance Center\ApcMain.exe [2008-05-16 3231744]
"PC SpeedScan Pro"=C:\Program Files (x86)\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe [2008-08-21 2093056]
"PC ScanAndSweep"=C:\Program Files (x86)\Ascentive\PC ScanAndSweep\PCScanAndSweep.exe [2008-10-06 2519040]
"LifeCam"=C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [2007-05-17 279912]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-01-05 413696]
"SSBkgdUpdate"=C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984]
"IndexSearch"=C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368]
"PPort11reminder"=C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"BrMfcWnd"=C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [2008-04-11 1085440]
"ControlCenter3"=C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [2007-12-21 86016]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2009-04-02 342312]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2009-05-26 414480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SightSpeed"=C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe [2008-08-15 4812664]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"Aim6"= []
"MsnMsgr"=C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe [2007-10-18 5724184]
"igndlm.exe"=C:\Program Files (x86)\Download Manager\DLM.exe [2008-08-01 1103216]
"swg"=C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-11-04 68856]
"Steam"=c:\program files (x86)\steam\steam.exe [2009-06-01 1217784]
"ManyCam"=C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe [2009-04-17 1824040]
"WMPNSCFG"=C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe []
"Zilla Popup Killer"=C:\Program Files (x86)\Zilla Popup Killer\ZillaPop.exe [2006-05-03 524288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Program Files (x86)\OpinionSquare\opai.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"NoActiveDesktopChanges"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{639c8e46-3e4d-11de-8c9b-002170453a65}]
shell\AutoRun\command - K:\LaunchU3.exe -a


======List of files/folders created in the last 1 months======

2009-06-10 01:06:38 ----D---- C:\rsit
2009-06-10 01:06:38 ----D---- C:\Program Files (x86)\trend micro
2009-06-10 00:59:59 ----D---- C:\Users\Brian\AppData\Roaming\Malwarebytes
2009-06-10 00:59:55 ----D---- C:\ProgramData\Malwarebytes
2009-06-10 00:59:54 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2009-06-10 00:58:00 ----SHD---- C:\Config.Msi
2009-06-09 15:17:44 ----A---- C:\Windows\hdd.ini
2009-06-09 15:17:43 ----D---- C:\Users\Brian\AppData\Roaming\R-Wipe&Clean
2009-06-09 15:17:43 ----D---- C:\Program Files (x86)\R-Wipe&Clean
2009-06-09 15:15:39 ----D---- C:\Program Files (x86)\Zilla Popup Killer
2009-06-07 20:34:05 ----D---- C:\Users\Brian\AppData\Roaming\U3
2009-06-04 13:37:02 ----HD---- C:\Windows\PIF
2009-06-04 13:37:02 ----D---- C:\Program Files (x86)\PlayMP3z
2009-06-04 13:37:02 ----D---- C:\Program Files (x86)\HandyInternetAdvice
2009-06-01 04:29:25 ----D---- C:\Program Files (x86)\Common Files\Adobe AIR
2009-05-31 18:30:17 ----D---- C:\ProgramData\NOS
2009-05-31 18:30:15 ----D---- C:\Program Files (x86)\NOS
2009-05-23 23:31:37 ----D---- C:\Users\Brian\AppData\Roaming\LimeWire

======List of files/folders modified in the last 1 months======

2009-06-10 01:06:50 ----D---- C:\Windows\Prefetch
2009-06-10 01:06:49 ----D---- C:\Windows\Temp
2009-06-10 01:06:38 ----RD---- C:\Program Files (x86)
2009-06-10 00:59:56 ----D---- C:\Windows\system32\drivers
2009-06-10 00:59:55 ----D---- C:\ProgramData
2009-06-10 00:58:15 ----SHD---- C:\Windows\Installer
2009-06-10 00:58:14 ----D---- C:\Program Files (x86)\Nokia
2009-06-10 00:58:14 ----D---- C:\Program Files (x86)\Common Files
2009-06-10 00:58:02 ----D---- C:\Windows\inf
2009-06-10 00:05:28 ----SHD---- C:\System Volume Information
2009-06-09 15:17:44 ----D---- C:\Windows\SysWOW64
2009-06-09 15:17:44 ----D---- C:\Windows
2009-06-09 15:04:30 ----D---- C:\Windows\System32
2009-06-09 14:13:27 ----D---- C:\Users\Brian\AppData\Roaming\Mozilla
2009-06-09 14:13:24 ----D---- C:\Program Files (x86)\Mozilla Firefox
2009-06-09 01:45:51 ----D---- C:\Windows\Minidump
2009-06-09 01:44:31 ----D---- C:\Program Files (x86)\EA GAMES
2009-06-09 01:42:55 ----D---- C:\Windows\Tasks
2009-06-09 01:42:29 ----D---- C:\Program Files (x86)\Steam
2009-06-09 00:36:12 ----D---- C:\Users\Brian\AppData\Roaming\FMZilla
2009-06-08 19:26:06 ----A---- C:\Windows\ntbtlog.txt
2009-06-04 13:37:23 ----D---- C:\Program Files (x86)\Windows Media Player
2009-06-03 03:00:22 ----D---- C:\Windows\winsxs
2009-06-02 07:58:38 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2009-06-01 11:51:08 ----D---- C:\Program Files (x86)\Common Files\Steam
2009-06-01 04:29:36 ----SD---- C:\Windows\Downloaded Program Files
2009-06-01 04:29:33 ----D---- C:\Program Files (x86)\Adobe
2009-06-01 04:29:26 ----D---- C:\ProgramData\Adobe
2009-06-01 04:23:52 ----SHD---- C:\$Recycle.Bin
2009-06-01 04:23:02 ----RD---- C:\Users
2009-05-31 18:33:48 ----D---- C:\Program Files (x86)\Common Files\Adobe
2009-05-23 23:24:37 ----D---- C:\downloads
2009-05-14 03:01:05 ----D---- C:\Program Files (x86)\Windows Mail
2009-05-14 03:00:54 ----D---- C:\ProgramData\Microsoft Help
2009-05-14 03:00:51 ----RSD---- C:\Windows\assembly
2009-05-11 13:53:10 ----D---- C:\Users\Brian\AppData\Roaming\Move Networks

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 mfehidk;McAfee Inc. mfehidk; C:\Windows\system32\drivers\mfehidk.sys []
R1 MPFP;MPFP; C:\Windows\System32\Drivers\Mpfp.sys []
R2 RtNdPt60;Realtek NDIS Protocol Driver; C:\Windows\system32\DRIVERS\RtNdPt60.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam_x64.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\Windows\system32\drivers\mfeavfk.sys []
R3 mfesmfk;McAfee Inc. mfesmfk; C:\Windows\system32\drivers\mfesmfk.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\Windows\system32\DRIVERS\BrSerIf.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032e.sys []
S3 mferkdk;McAfee Inc. mferkdk; C:\Windows\system32\drivers\mferkdk.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys []
S3 UMPass;Microsoft UMPass Driver; C:\Windows\system32\DRIVERS\umpass.sys []
S3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 VX3000;VX-3000; C:\Windows\system32\DRIVERS\VX3000.sys []
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AERTFilters;Andrea RT Filters Service; C:\Windows\system32\AERTSr64.exe []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe []
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 DockLoginService;Dock Login Service; C:\Program Files\Dell\DellDock\DockLogin.exe [2008-08-22 214016]
R2 mcmscsvc;McAfee Services; C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-12-11 358224]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 153408]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 MSCamSvc;MSCamSvc; C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe [2007-05-17 443752]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files (x86)\McAfee\MSK\MskSrver.exe [2007-11-26 23880]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2008-01-20 21504]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R3 iPod Service;iPod Service; C:\Program Files (x86)\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2009-06-01 322032]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-01-20 93696]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [2008-07-04 164600]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-29 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 702792]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2009-03-04 621056]
S3 stllssvr;stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2008-03-24 74384]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

-----------------EOF-----------------

and RSIT info.txt

info.txt logfile of random's system information tool 1.06 2009-06-10 01:06:52

======Uninstall list======

-->"C:\Program Files (x86)\WildTangent\Dell Games\Bejeweled 2 Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Blasterball 2 Revolution\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Build-a-lot 2\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Chuzzle Deluxe\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Dream Chronicles\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\FATE\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Polar Bowler\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Polar Golfer\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Polar Pool\Uninstall.exe"
-->"C:\Program Files (x86)\WildTangent\Dell Games\Virtual Villagers - The Secret City\Uninstall.exe"
-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {430971B1-C31E-45DA-81E0-72C095BAB72C}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {F7A31780-33C4-4E39-951A-5EC9B91D7BF1}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {00C5525B-3CB3-467D-8100-2E6FB306CD86}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-002A-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0116-0409-1000-0000000FF1CE} /uninstall {FAD8A83E-9BAC-4179-9268-A35948034D85}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}
2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AIM 6-->C:\Program Files (x86)\AIM6\uninst.exe
AIM Toolbar-->"C:\Program Files (x86)\AIM Toolbar\uninstall.exe"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Ask Toolbar-->MsiExec.exe /I{86D4B82A-ABED-442A-BE86-96357B70F4FE}
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x9
Brother MFL-Pro Suite MFC-490CW-->"C:\Program Files (x86)\InstallShield Installation Information\{D9461574-5FC0-4641-BBDC-D1038B196F55}\Setup.exe" -runfromtemp -l0x0009 UNINSTALL Reg=BH9_C2 -removeonly
Browser Address Error Redirector-->MsiExec.exe /I{62230596-37E5-4618-A329-0D21F529A86F}
Browser Address Error Redirector-->regsvr32 /u /s "C:\Program Files (x86)\Dell\BAE\BAE.dll"
Dell Best of Web-->MsiExec.exe /I{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}
Dell Getting Started Guide-->MsiExec.exe /I{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}
Dell Video Chat (remove only)-->C:\Program Files (x86)\Dell Video Chat\uninst.exe
DELL0604-->MsiExec.exe /I{3D8F9830-D6A3-413A-9A54-993827A73E47}
Dell-eBay-->MsiExec.exe /I{B935C985-A17F-484B-8470-09E4FC27DC26}
DivX Codec-->C:\Program Files (x86)\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files (x86)\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files (x86)\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files (x86)\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files (x86)\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Download Manager 2.3.7-->C:\Program Files (x86)\Download Manager\uninst.exe
Download Updater (AOL LLC)-->C:\Program Files (x86)\Common Files\Software Update Utility\uninstall.exe
Dream Render 2.20-->"C:\Program Files\DreamRender\unins000.exe"
EDocs-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}\setup.exe"
FFHandyInternetAdvice-->C:\Program Files (x86)\Mozilla Firefox\extensions\HandyInternetAdvice@HandyInternetAdvice\uninstall.exe uninstall=handyinternetadviceff
Google Toolbar for Internet Explorer-->"C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarManager_BDA1448D3D255554.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
Java™ 6 Update 13-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.4 (remove only)-->"C:\Program Files (x86)\ManyCam 2.4\uninstall.exe"
McAfee SecurityCenter-->C:\Program Files (x86)\McAfee\MSC\mcuninst.exe
Medieval II Total War-->"C:\Program Files (x86)\InstallShield Installation Information\{A9D0745C-BABD-472B-8AF0-FAF888D31046}\setup.exe" -runfromtemp -l0x0009 -removeonly
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft LifeCam-->MsiExec.exe /X{63AFACBC-4795-4A1B-8037-5085DC03FC54}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISER /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{91120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.10)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
MSVC80_x86-->MsiExec.exe /I{212748BB-0DA5-46DE-82A1-403736DC9F27}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML4 Parser-->MsiExec.exe /I{01501EBA-EC35-4F9F-8889-3BE346E5DA13}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{82427977-8776-4087-90CA-9F65174D3C4D}
PC Connectivity Solution-->MsiExec.exe /I{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}
PC ScanAndSweep-->C:\Program Files (x86)\InstallShield Installation Information\{323C7763-A048-4E06-A339-729632A3F95E}\setup.exe -runfromtemp -l0x0009 -removeonly
PC SpeedScan Pro-->C:\Program Files (x86)\InstallShield Installation Information\{80F24F31-F641-4349-83F3-59E335976D16}\setup.exe -runfromtemp -l0x0009 -removeonly
Performance Center-->C:\Program Files (x86)\InstallShield Installation Information\{BB05BD70-4605-4829-93FC-AD80D8CC5B66}\setup.exe -runfromtemp -l0x0009 -removeonly
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
PlayMP3z-->C:\Program Files (x86)\PlayMP3z\uninstall.exe uninstall=playmp3z
PowerDVD-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -l0x9 -cluninstall
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Realtek Ethernet Network Card Diagnostic tool for Windows Vista-->C:\Program Files (x86)\InstallShield Installation Information\{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}\setup.exe -runfromtemp -l0x0009 -removeonly
Realtek High Definition Audio Driver-->RtlUpd64.exe -r -m -nrg2709
Roxio Creator Audio-->MsiExec.exe /I{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}
Roxio Creator Copy-->MsiExec.exe /I{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}
Roxio Creator Data-->MsiExec.exe /I{08E81ABD-79F7-49C2-881F-FD6CB0975693}
Roxio Creator DE-->C:\ProgramData\Uninstall\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}\setup.exe /x {09760D42-E223-42AD-8C3E-55B47D0DDAC3}
Roxio Creator DE-->MsiExec.exe /I{ED439A64-F018-4DD4-8BA5-328D85AB09AB}
Roxio Creator Tools-->MsiExec.exe /I{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}
Roxio Express Labeler 3-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
R-Wipe&Clean 8.6-->"C:\Program Files (x86)\R-Wipe&Clean\unins000.exe"
ScanSoft PaperPort 11-->MsiExec.exe /I{7A8FF745-BBC5-482B-88E4-18D3178249A9}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951550)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {B243E9A5-ED77-4F1B-B338-2486FD82DC85}
Security Update for 2007 Microsoft Office System (KB951944)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7}
Security Update for 2007 Microsoft Office System (KB960003)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F04F8702-18D0-458D-921E-146FB7CD38CF}
Security Update for Microsoft Office Excel 2007 (KB959997)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {9EAC3AEC-5C81-4856-A05B-DE9DC236D740}
Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB950114)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {F9C3CDBA-1F00-4D4D-959D-75C9D3ACDD85}
Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F}
Security Update for Microsoft Office system 2007 (KB956828)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {885E081B-72BD-4E76-8E98-30B4BE468FAC}
Security Update for Microsoft Office Word 2007 (KB956358)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4551666D-0FD6-4C69-8A81-1C6F2E64517C}
Spyware Striker-->C:\Program Files (x86)\InstallShield Installation Information\{E8B0BD86-073B-4D7E-B0F1-CC37E70014D4}\setup.exe -runfromtemp -l0x0009 -removeonly
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
TBS WMP Plug-in-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{13515135-48BB-4184-8C1F-2FAE0138E200}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft Office 2007 Help for Common Features (KB963673)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {AB365889-0395-4FAD-B702-CA5985D53D42}
Update for Microsoft Office Access 2007 Help (KB963663)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}
Update for Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {199DF7B6-169C-448C-B511-1054101BE9C9}
Update for Microsoft Office Infopath 2007 Help (KB963662)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {716B81B8-B13C-41DF-8EAC-7A2F656CAB63}
Update for Microsoft Office OneNote 2007 Help (KB963670)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2744EF05-38E1-4D5D-B333-E021EDAEA245}
Update for Microsoft Office Outlook 2007 (KB952142)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {4AD3A076-427C-491F-A5B7-7D1DE788A756}
Update for Microsoft Office Outlook 2007 Help (KB957246)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {6F0E4983-E419-4591-B7DD-EFB0073D3E47}
Update for Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {397B1D4F-ED7B-4ACA-A637-43B670843876}
Update for Microsoft Office Publisher 2007 Help (KB963667)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2E40DE55-B289-4C8B-8901-5D369B16814F}
Update for Microsoft Office Script Editor Help (KB963671)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {CD11C6A2-FFC6-4271-8EAB-79C3582F505C}
Update for Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {80E762AA-C921-4839-9D7D-DB62A72C0726}
Update for Outlook 2007 Junk Email Filter (kb968503)-->msiexec /package {91120000-0030-0000-0000-0000000FF1CE} /uninstall {5DD98950-4D10-4B79-8BF6-59726705207D}
Viewpoint Media Player-->C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Warhammer 40,000: Dawn of War II-->"C:\Program Files (x86)\Steam\steam.exe" steam://uninstall/15620
WildTangent Games-->"C:\Program Files (x86)\WildTangent\Dell Games\Uninstall.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger-->MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Zilla Popup Killer 5.0.0.0-->"C:\Program Files (x86)\Zilla Popup Killer\unins000.exe"

======Hosts File======

127.0.0.1 ZillaPopupKiller
127.0.0.1 123banners.com
127.0.0.1 control.123banners.com
127.0.0.1 ftp.123banners.com
127.0.0.1 ftp.control.123banners.com
127.0.0.1 www.123banners.com
127.0.0.1 247media.com
127.0.0.1 agami.247media.com
127.0.0.1 ap.www.sabela.com
127.0.0.1 au.www.sabela.com

======Security center information======

AS: Windows Defender

======System event log======

Computer Name: Brian-PC
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
Record Number: 34344
Source Name: Tcpip
Time Written: 20090609194429.757356-000
Event Type: Warning
User:

Computer Name: Brian-PC
Event Code: 36
Message: The time service has not synchronized the system time for 86400 seconds because none of the time service providers provided a usable time stamp. The time service will not update the local system time until it is able to synchronize with a time source. If the local system is configured to act as a time server for clients, it will stop advertising as a time source to clients. The time service will continue to retry and sync time with its time sources. Check system event log for other W32time events for more details. Run 'w32tm /resync' to force an instant time synchronization.
Record Number: 34352
Source Name: Microsoft-Windows-Time-Service
Time Written: 20090609232801.000000-000
Event Type: Warning
User:

Computer Name: Brian-PC
Event Code: 10000
Message: Unable to start a DCOM Server: {2692A9D5-61DF-46D5-A5A1-A6CCA921D578}. The error:
"786"
Happened while starting this command:
"C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe" -Embedding
Record Number: 34364
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20090610040004.000000-000
Event Type: Error
User:

Computer Name: Brian-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {8AAE7DE7-2169-4498-A239-1F17F56DCE2F}
User: Brian-PC\Brian
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: file:C:\Windows\system32\drivers\etc\hosts
Alert Type: Unclassified software
Detection Type:
Record Number: 34371
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090610043206.000000-000
Event Type: Warning
User:

Computer Name: Brian-PC
Event Code: 3004
Message: Windows Defender Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. Windows Defender can't undo changes that you allow.
For more information please see the following:
Not Applicable
Scan ID: {F1DF8B1E-EC30-4AB7-A160-A68BAF6B9280}
User: Brian-PC\Brian
Name: Unknown
ID:
Severity ID:
Category ID:
Path Found: regkey:HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes' Anti-Malware;runonce:HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\\Malwarebytes' Anti-Malware;file:C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
Alert Type: Unclassified software
Detection Type:
Record Number: 34378
Source Name: Microsoft-Windows-Windows Defender
Time Written: 20090610050000.000000-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Brian-PC
Event Code: 4621
Message: The COM+ Event System could not remove the EventSystem.EventSubscription object {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The HRESULT was 80070005.
Record Number: 5186
Source Name: Microsoft-Windows-EventSystem
Time Written: 20090609044026.000000-000
Event Type: Error
User:

Computer Name: Brian-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
20 user registry handles leaked from \Registry\User\S-1-5-21-895920143-1221994733-1013656619-1002:

Record Number: 5188
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090609044028.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Brian-PC
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-895920143-1221994733-1013656619-1002_Classes:
Process 1488 (\Device\HarddiskVolume3\Windows\System32\spoolsv.exe) has opened key \REGISTRY\USER\S-1-5-21-895920143-1221994733-1013656619-1002_CLASSES\Local Settings\Software\Microsoft\Windows\Shell\MuiCache

Record Number: 5190
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20090609044028.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: Brian-PC
Event Code: 10010
Message: Application 'C:\Program Files (x86)\Proxure\MCE Tunes Pro\MCETunesExtenderSupport.exe' (pid 4772) cannot be restarted - Application SID does not match Conductor SID..
Record Number: 5193
Source Name: Microsoft-Windows-RestartManager
Time Written: 20090609054335.617356-000
Event Type: Warning
User: Brian-PC\Brian

Computer Name: Brian-PC
Event Code: 1002
Message: The program firefox.exe version 1.9.0.3399 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: cb4 Start Time: 01c9e93b98ce37ac Termination Time: 7
Record Number: 5210
Source Name: Application Hang
Time Written: 20090609195945.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Brian-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: BRIAN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 13162
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090610041357.236000-000
Event Type: Audit Success
User:

Computer Name: Brian-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 13163
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090610041357.236000-000
Event Type: Audit Success
User:

Computer Name: Brian-PC
Event Code: 4648
Message: A logon was attempted using explicit credentials.

Subject:
Security ID: S-1-5-18
Account Name: BRIAN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Account Whose Credentials Were Used:
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon GUID: {00000000-0000-0000-0000-000000000000}

Target Server:
Target Server Name: localhost
Additional Information: localhost

Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe

Network Information:
Network Address: -
Port: -

This event is generated when a process attempts to log on an account by explicitly specifying that account's credentials. This most commonly occurs in batch-type configurations such as scheduled tasks, or when using the RUNAS command.
Record Number: 13164
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090610045731.276000-000
Event Type: Audit Success
User:

Computer Name: Brian-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-5-18
Account Name: BRIAN-PC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Logon Type: 5

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x268
Process Name: C:\Windows\System32\services.exe

Network Information:
Workstation Name:
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 13165
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090610045731.276000-000
Event Type: Audit Success
User:

Computer Name: Brian-PC
Event Code: 4672
Message: Special privileges assigned to new logon.

Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7

Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 13166
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090610045731.276000-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\DLLShared\;C:\Program Files (x86)\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 15 Stepping 11, GenuineIntel
"PROCESSOR_REVISION"=0f0b
"NUMBER_OF_PROCESSORS"=4
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\34FB5F65-FFEB-4B61-BF0E-A6A76C450FAA\TraceFormat
"DFSTRACINGON"=FALSE
"RoxioCentral"=C:\Program Files (x86)\Common Files\Roxio Shared\10.0\Roxio Central36\
"CLASSPATH"=.;C:\Program Files (x86)\Java\jre1.6.0_07\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files (x86)\Java\jre1.6.0_07\lib\ext\QTJava.zip

-----------------EOF-----------------


#2 Sportzfreak98

Sportzfreak98
  • Topic Starter

  • Members
  • 4 posts

Posted 10 June 2009 - 12:31 AM

Goored Log

GooredFix v1.92 by jpshortstuff
Log created at 01:13 on 10/06/2009 running Option #1 (Brian)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files (x86)\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files (x86)\Mozilla Firefox\components"


MBAM Log

Malwarebytes' Anti-Malware 1.37
Database version: 2256
Windows 6.0.6001 Service Pack 1

6/10/2009 1:19:59 AM
mbam-log-2009-06-10 (01-19-59).txt

Scan type: Quick Scan
Objects scanned: 90397
Time elapsed: 2 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Windows\SysWOW64\SysRestore.dll (Adware.Ascentive) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\TypeLib\{497dddb6-6eee-4561-9621-b77dc82c1f84} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4e980492-027b-47f1-a7ab-ab086dacbb9e} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ead8321-fcbb-4c3f-888c-ac373d366c3f} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{31f3cf6e-a71a-4daa-852b-39ac230940b4} (Adware.Ascentive) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{bb05bd70-4605-4829-93fc-ad80d8cc5b66} (Rogue.PerformanceCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\SysWOW64\SysRestore.dll (Adware.Ascentive) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files (x86)\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
c:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\SysWOW64\SysRestore.dll (Adware.Ascentive) -> Delete on reboot.
c:\Windows\System32\SysRestore.dll (Adware.Ascentive) -> Delete on reboot.
c:\program files (x86)\PlayMP3z\PlayMP3.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
c:\program files (x86)\PlayMP3z\uninstall.exe (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
c:\Users\Brian\AppData\Roaming\microsoft\Windows\start menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PlayMP3Z) -> Quarantined and deleted successfully.

OTListIT.txt

OTL logfile created on: 6/10/2009 1:28:40 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Brian\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.57% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.57 Gb Total Space | 519.78 Gb Free Space | 76.04% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.47 Gb Free Space | 56.49% Space Free | Partition Type: NTFS
Drive E: | 494.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.62 Gb Total Space | 1.60 Gb Free Space | 44.26% Space Free | Partition Type: FAT32

Computer Name: BRIAN-PC
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2007/12/11 13:33:42 | 00,358,224 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
PRC - [2007/07/18 16:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
PRC - [2007/11/26 11:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
PRC - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
PRC - [2008/01/09 17:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
PRC - [2007/11/01 20:12:38 | 00,582,992 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
PRC - [2007/04/10 17:46:35 | 00,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2008/08/15 17:03:50 | 04,812,664 | ---- | M] (Dell Inc. and SightSpeed Inc.) -- C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe
PRC - [2007/10/18 12:34:02 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/11/04 00:00:55 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/06/01 04:29:55 | 01,217,784 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2009/04/17 02:19:22 | 01,824,040 | ---- | M] (ManyCam LLC) -- C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe
PRC - [2006/05/03 18:15:12 | 00,524,288 | ---- | M] (ZillaSoft) -- C:\Program Files (x86)\Zilla Popup Killer\ZillaPop.exe
PRC - [2009/05/04 21:40:23 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe
PRC - [2008/05/23 15:06:08 | 00,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/10/11 19:03:10 | 00,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2008/04/11 14:13:52 | 01,085,440 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2008/04/11 15:46:44 | 00,835,584 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
PRC - [2008/01/31 17:29:06 | 00,196,608 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
PRC - [2009/04/02 16:10:58 | 13,646,632 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunes.exe
PRC - [2009/04/24 00:38:11 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009/06/01 04:30:45 | 00,322,032 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2007/12/05 11:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
PRC - [2008/01/25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
PRC - [2007/11/01 20:12:38 | 00,265,040 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\MSC\mcuimgr.exe
PRC - [2009/06/10 01:28:00 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Downloads\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/07/18 08:42:16 | 00,086,016 | ---- | M] () -- C:\Windows\sysnative\AERTSr64.exe -- (AERTFilters [Auto | Running])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/24 07:49:06 | 00,881,664 | ---- | M] () -- C:\Windows\sysnative\Ati2evxx.exe -- (Ati External Event Utility [Auto | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/01/20 22:50:58 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2008/01/20 22:50:38 | 00,093,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/08/22 19:31:54 | 00,214,016 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService [Auto | Running])
SRV - [2008/01/20 22:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 22:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 11:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2008/01/20 22:51:57 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/07/04 19:17:48 | 00,164,600 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2009/04/29 20:07:40 | 00,182,768 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/01/20 22:51:49 | 00,921,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2008/01/09 17:50:22 | 00,767,976 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc [Auto | Running])
SRV - [2008/01/25 02:38:12 | 02,458,128 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc [Auto | Running])
SRV - [2007/11/07 10:35:40 | 00,702,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS [On_Demand | Stopped])
SRV - [2007/12/11 13:33:42 | 00,358,224 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy [Auto | Running])
SRV - [2007/07/24 13:01:38 | 00,153,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield [Unknown | Running])
SRV - [2007/12/05 11:04:10 | 00,695,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe -- (McSysmon [On_Demand | Running])
SRV - [2007/08/24 07:59:20 | 00,068,464 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2007/07/18 16:54:42 | 00,856,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe -- (MpfService [Auto | Running])
SRV - [2007/05/17 17:45:33 | 00,443,752 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc [Auto | Running])
SRV - [2007/11/26 11:46:14 | 00,023,880 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee\MSK\MskSrver.exe -- (MSK80Service [Auto | Running])
SRV - [2008/01/20 22:51:53 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2007/08/24 04:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/01/20 22:51:00 | 00,019,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\perfhost.exe -- (PerfHost [On_Demand | Stopped])
SRV - [2009/03/04 11:25:12 | 00,621,056 | ---- | M] (Nokia.) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2009/06/01 04:30:45 | 00,322,032 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service [On_Demand | Running])
SRV - [2008/03/24 08:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2007/10/18 12:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2007/01/04 17:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service [Auto | Running])
SRV - [2007/10/25 16:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
SRV - [2008/01/20 22:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2008/07/24 07:49:08 | 04,310,528 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV - [2006/12/12 02:29:02 | 00,097,280 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\BrSerIf.sys -- (BrSerIf [On_Demand | Stopped])
DRV - [2008/01/20 22:46:55 | 00,317,952 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\e1e6032e.sys -- (e1express [On_Demand | Stopped])
DRV - [2009/03/19 16:34:18 | 00,029,544 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2006/11/02 01:28:10 | 00,273,920 | ---- | M] () -- C:\Windows\sysnative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Running])
DRV - [2008/07/15 08:14:10 | 00,395,288 | ---- | M] () -- C:\Windows\sysnative\drivers\iastor.sys -- (iaStor [Disabled | Stopped])
DRV - [2008/03/13 03:46:00 | 00,027,136 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\ManyCam_x64.sys -- (ManyCam [On_Demand | Running])
DRV - [2007/11/22 07:44:08 | 00,101,960 | ---- | M] () -- C:\Windows\sysnative\drivers\mfeavfk.sys -- (mfeavfk [On_Demand | Running])
DRV - [2007/11/22 07:44:08 | 00,293,192 | ---- | M] () -- C:\Windows\sysnative\drivers\mfehidk.sys -- (mfehidk [System | Running])
DRV - [2007/11/22 07:43:40 | 00,040,392 | ---- | M] () -- C:\Windows\sysnative\drivers\mferkdk.sys -- (mferkdk [On_Demand | Stopped])
DRV - [2007/12/02 13:51:42 | 00,049,480 | ---- | M] () -- C:\Windows\sysnative\drivers\mfesmfk.sys -- (mfesmfk [On_Demand | Running])
DRV - [2007/07/13 07:21:36 | 00,173,072 | ---- | M] () -- C:\Windows\sysnative\Drivers\Mpfp.sys -- (MPFP [System | Running])
DRV - [2008/08/28 12:44:42 | 00,025,600 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd [On_Demand | Stopped])
DRV - [2007/11/14 04:00:00 | 00,053,488 | ---- | M] () -- C:\Windows\sysnative\Drivers\PxHlpa64.sys -- (PxHlpa64 [Boot | Running])
DRV - [2008/07/24 07:49:08 | 04,310,528 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV - [2008/07/10 07:28:50 | 00,170,496 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV - [2008/07/21 07:18:30 | 00,026,624 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\RtNdPt60.sys -- (RtNdPt60 [Auto | Running])
DRV - [2008/01/20 22:50:35 | 00,009,728 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\umpass.sys -- (UMPass [On_Demand | Stopped])
DRV - [2009/03/05 23:59:00 | 00,044,544 | ---- | M] () -- C:\Windows\sysnative\Drivers\usbaapl64.sys -- (USBAAPL64 [On_Demand | Running])
DRV - [2008/01/20 22:47:04 | 00,098,816 | ---- | M] () -- C:\Windows\sysnative\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2007/04/10 17:46:36 | 02,105,192 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\VX3000.sys -- (VX3000 [On_Demand | Stopped])
DRV - [2009/04/08 14:28:46 | 00,068,992 | ---- | M] () -- C:\Windows\sysnative\DRIVERS\xusb21.sys -- (xusb21 [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local



IE - HKU\S-1-5-21-895920143-1221994733-1013656619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-895920143-1221994733-1013656619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-895920143-1221994733-1013656619-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-895920143-1221994733-1013656619-1000\S-1-5-21-895920143-1221994733-1013656619-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-895920143-1221994733-1013656619-1000\S-1-5-21-895920143-1221994733-1013656619-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:5.0.20090324W
FF - prefs.js..extensions.enabledItems: HandyInternetAdvice@HandyInternetAdvice:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [2009/06/09 14:13:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [2009/06/09 14:13:23 | 00,000,000 | ---D | M]

[2009/06/09 14:13:27 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\mozilla\Extensions
[2009/06/09 14:13:27 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/05/23 23:32:04 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2009/06/09 15:13:01 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\mozilla\Firefox\Profiles\zyto8mnk.default\extensions
[2009/06/09 15:02:47 | 00,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\mozilla\Firefox\Profiles\zyto8mnk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/09 14:13:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2009/06/09 14:13:23 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/04 21:40:40 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/06/04 13:37:02 | 00,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\HandyInternetAdvice@HandyInternetAdvice
[2009/04/24 00:38:30 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2009/04/24 00:38:32 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2009/04/23 20:39:08 | 00,001,394 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/23 20:39:08 | 00,002,193 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
[2009/04/23 20:39:08 | 00,001,534 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/23 20:39:08 | 00,002,343 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay.xml
[2009/04/23 20:39:08 | 00,001,706 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2009/04/23 20:39:08 | 00,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia.xml
[2009/04/23 20:39:08 | 00,000,792 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (436733 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ZillaPopupKiller
O1 - Hosts: 14187 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Program Files (x86)\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (CookieHlprObj Class) - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files (x86)\Zilla Popup Killer\ZillaBHO.dll (BulletProofSoft)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (HandyInternetAdvice) - {DF037828-857E-D996-F703-F81E5C2A464C} - C:\Program Files (x86)\HandyInternetAdvice\HandyInternetAdvice.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BrMfcWnd] "C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" /AUTORUN (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] "C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe" /autorun (Brother Industries, Ltd.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [IndexSearch] "C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey (McAfee, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] "C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PC ScanAndSweep] "C:\Program Files (x86)\Ascentive\PC ScanAndSweep\PCScanAndSweep.exe" -m (Ascentive LLC)
O4 - HKLM..\Run: [PC SpeedScan Pro] "C:\Program Files (x86)\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe" -m (Ascentive LLC)
O4 - HKLM..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Performance Center] "C:\Program Files (x86)\Ascentive\Performance Center\ApcMain.exe" -m (Ascentive)
O4 - HKLM..\Run: [PPort11reminder] "C:\Program Files (x86)\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini" (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter File not found
O4 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000..\Run: [Aim6] File not found
O4 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork (IGN Entertainment)
O4 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000..\Run: [ManyCam] "C:\Program Files (x86)\ManyCam 2.4\ManyCam.exe" (ManyCam LLC)
O4 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000..\Run: [SightSpeed] "C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe" -bootmode (Dell Inc. and SightSpeed Inc.)
O4 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent (Valve Corporation)
O4 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000..\Run: [Zilla Popup Killer] C:\Program Files (x86)\Zilla Popup Killer\ZillaPop.exe (ZillaSoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-895920143-1221994733-1013656619-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [@%SystemRoot%\system32\nlasvc.dll,-1000] - C:\Windows\system32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [@%SystemRoot%\system32\napinsp.dll,-1000] - C:\Windows\system32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [@%SystemRoot%\system32\pnrpnsp.dll,-1000] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [@%SystemRoot%\system32\pnrpnsp.dll,-1001] - C:\Windows\system32\pnrpnsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\system32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\Program) - File not found
O20 - AppInit_DLLs: (Files) - File not found
O20 - AppInit_DLLs: ((x86)\OpinionSquare\opai.dll) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\system32\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWOW64\webcheck.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/03 16:28:56 | 00,000,080 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{639c8e46-3e4d-11de-8c9b-002170453a65}\Shell - "" = AutoRun
O33 - MountPoints2\{639c8e46-3e4d-11de-8c9b-002170453a65}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/09 14:13:24 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/10 01:06:38 | 00,000,000 | ---D | C] -- C:\rsit
[2009/06/10 01:06:38 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2009/06/10 00:59:59 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Malwarebytes
[2009/06/10 00:59:58 | 00,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/10 00:59:56 | 00,040,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/06/10 00:59:55 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/06/10 00:59:54 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009/06/10 00:58:00 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/06/09 15:17:44 | 00,000,036 | ---- | C] () -- C:\Windows\hdd.ini
[2009/06/09 15:17:43 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\R-Wipe&Clean
[2009/06/09 15:17:43 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\R-Wipe&Clean
[2009/06/09 15:15:39 | 00,389,120 | ---- | C] () -- C:\Windows\System32\actskn43.ocx
[2009/06/09 15:15:39 | 00,188,416 | ---- | C] (SoftShape Development) -- C:\Windows\System32\actsplash.ocx
[2009/06/09 15:15:39 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Zilla Popup Killer
[2009/06/09 14:13:24 | 00,001,780 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/06/08 19:27:29 | 42,941,07136 | -HS- | C] () -- C:\hiberfil.sys
[2009/06/07 20:34:05 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\U3
[2009/06/04 18:23:19 | 00,011,153 | ---- | C] () -- C:\Users\Brian\Documents\ecology questions.docx
[2009/06/04 13:37:02 | 00,000,000 | -H-D | C] -- C:\Windows\PIF
[2009/06/04 13:37:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\HandyInternetAdvice
[2009/06/04 01:11:41 | 07,758,077 | ---- | C] () -- C:\Users\Brian\Desktop\06 Ghost.m4a
[2009/06/04 01:00:37 | 07,154,672 | ---- | C] () -- C:\Users\Brian\Desktop\03 Summer Girls.m4a
[2009/06/04 01:00:05 | 00,126,767 | ---- | C] () -- C:\Users\Brian\Desktop\Folder.jpg
[2009/06/04 00:57:34 | 04,257,375 | ---- | C] () -- C:\Users\Brian\Desktop\You're Gonna Go Far, Kid.mp3
[2009/06/04 00:48:31 | 08,272,445 | ---- | C] () -- C:\Users\Brian\Desktop\06 All My Life.m4a
[2009/06/04 00:45:22 | 07,342,657 | ---- | C] () -- C:\Users\Brian\Desktop\10 Love Story.m4a
[2009/06/04 00:39:41 | 07,211,737 | ---- | C] () -- C:\Users\Brian\Desktop\06 Bye, Bye, Bye.m4a
[2009/06/04 00:39:31 | 08,965,576 | ---- | C] () -- C:\Users\Brian\Desktop\07 Total Eclipse of the Heart.m4a
[2009/06/04 00:38:02 | 07,484,662 | ---- | C] () -- C:\Users\Brian\Desktop\01 Where I Want to Be.m4a
[2009/06/04 00:29:23 | 09,023,667 | ---- | C] () -- C:\Users\Brian\Desktop\01 Under Control.m4a
[2009/06/04 00:25:48 | 06,544,374 | ---- | C] () -- C:\Users\Brian\Desktop\09 Dance Erotic (feat. Pack & John B.m4a
[2009/06/04 00:23:56 | 06,728,578 | ---- | C] () -- C:\Users\Brian\Desktop\02 That's What She Said.m4a
[2009/06/04 00:21:02 | 06,336,986 | ---- | C] () -- C:\Users\Brian\Desktop\04 Realize.m4a
[2009/06/04 00:14:56 | 05,308,676 | ---- | C] () -- C:\Users\Brian\Desktop\01 Camera Shy.m4a
[2009/06/03 22:12:19 | 00,040,960 | ---- | C] () -- C:\Users\Brian\Documents\French Revolution paper.doc
[2009/06/02 21:08:20 | 00,012,217 | ---- | C] () -- C:\Users\Brian\Documents\bio pg 10033-10044.docx
[2009/06/01 04:30:19 | 00,000,000 | ---D | C] -- C:\Users\Brian\Desktop\Hedley Music
[2009/06/01 04:29:33 | 00,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2009/06/01 04:29:25 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2009/05/31 21:46:29 | 00,014,078 | ---- | C] () -- C:\Users\Brian\Documents\A Tortoise for the Queen of Tonga.docx
[2009/05/31 18:33:52 | 00,001,919 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/05/31 18:32:55 | 00,000,000 | ---D | C] -- C:\Users\Brian\Desktop\Adobe Reader 9 Installer
[2009/05/31 18:30:17 | 00,000,000 | ---D | C] -- C:\ProgramData\NOS
[2009/05/31 18:30:15 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\NOS
[2009/05/23 23:32:20 | 00,000,000 | ---D | C] -- C:\Users\Brian\Documents\LimeWire
[2009/05/23 23:31:37 | 00,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\LimeWire
[2009/05/16 21:22:31 | 00,012,856 | ---- | C] () -- C:\Users\Brian\Documents\Grad at Grad 2009.docx
[2009/04/22 00:19:06 | 00,172,173 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/03/24 19:09:29 | 00,000,254 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/03/24 19:09:29 | 00,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/03/24 19:07:08 | 00,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/03/24 19:07:08 | 00,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/03/24 19:05:53 | 00,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/03/24 19:05:53 | 00,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2009/03/24 19:03:12 | 00,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/01/11 14:46:19 | 00,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2008/11/12 09:43:52 | 00,053,248 | ---- | C] () -- C:\Windows\System32\blib.dll
[2008/11/11 16:04:56 | 00,223,232 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2008/11/06 12:37:32 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/11/06 12:34:00 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/11/06 12:33:02 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/04/10 17:46:36 | 00,015,498 | ---- | C] () -- C:\Windows\VX3000.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 08:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini

========== Files - Modified Within 30 Days ==========

[2009/06/10 01:29:59 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{20D786F1-A64A-4D53-9976-8AB1B9698033}.job
[2009/06/10 01:22:20 | 00,000,288 | ---- | M] () -- C:\Windows\tasks\RtlNICDiagVistaStart.job
[2009/06/10 01:22:08 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/06/10 01:22:07 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/06/10 01:22:02 | 42,941,07136 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/10 01:00:00 | 00,000,440 | ---- | M] () -- C:\Windows\tasks\MCE Tunes Auto Sync.job
[2009/06/10 00:59:58 | 00,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/06/09 15:17:44 | 00,000,036 | ---- | M] () -- C:\Windows\hdd.ini
[2009/06/09 14:13:24 | 00,001,780 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/06/07 20:42:29 | 00,002,651 | ---- | M] () -- C:\Users\Brian\Desktop\Microsoft Office Word 2007.lnk
[2009/06/06 15:13:55 | 00,002,255 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2009/06/04 23:25:35 | 00,040,960 | ---- | M] () -- C:\Users\Brian\Documents\French Revolution paper.doc
[2009/06/04 18:23:19 | 00,011,153 | ---- | M] () -- C:\Users\Brian\Documents\ecology questions.docx
[2009/06/04 01:00:05 | 00,126,767 | ---- | M] () -- C:\Users\Brian\Desktop\Folder.jpg
[2009/06/03 23:23:38 | 07,484,662 | ---- | M] () -- C:\Users\Brian\Desktop\01 Where I Want to Be.m4a
[2009/06/03 10:07:31 | 07,342,657 | ---- | M] () -- C:\Users\Brian\Desktop\10 Love Story.m4a
[2009/06/03 10:07:31 | 06,336,986 | ---- | M] () -- C:\Users\Brian\Desktop\04 Realize.m4a
[2009/06/03 10:07:31 | 05,308,676 | ---- | M] () -- C:\Users\Brian\Desktop\01 Camera Shy.m4a
[2009/06/03 10:07:26 | 09,023,667 | ---- | M] () -- C:\Users\Brian\Desktop\01 Under Control.m4a
[2009/06/03 10:07:25 | 08,965,576 | ---- | M] () -- C:\Users\Brian\Desktop\07 Total Eclipse of the Heart.m4a
[2009/06/03 10:07:25 | 08,272,445 | ---- | M] () -- C:\Users\Brian\Desktop\06 All My Life.m4a
[2009/06/03 10:07:25 | 07,758,077 | ---- | M] () -- C:\Users\Brian\Desktop\06 Ghost.m4a
[2009/06/03 10:07:25 | 06,544,374 | ---- | M] () -- C:\Users\Brian\Desktop\09 Dance Erotic (feat. Pack & John B.m4a
[2009/06/03 10:07:08 | 07,211,737 | ---- | M] () -- C:\Users\Brian\Desktop\06 Bye, Bye, Bye.m4a
[2009/06/03 10:07:08 | 06,728,578 | ---- | M] () -- C:\Users\Brian\Desktop\02 That's What She Said.m4a
[2009/06/03 10:06:55 | 07,154,672 | ---- | M] () -- C:\Users\Brian\Desktop\03 Summer Girls.m4a
[2009/06/02 21:08:21 | 00,012,217 | ---- | M] () -- C:\Users\Brian\Documents\bio pg 10033-10044.docx
[2009/06/02 15:52:16 | 00,033,792 | ---- | M] () -- C:\Users\Brian\Documents\Brian_J Resume.doc
[2009/06/01 04:29:33 | 00,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2009/06/01 01:00:00 | 00,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job
[2009/05/31 21:46:30 | 00,014,078 | ---- | M] () -- C:\Users\Brian\Documents\A Tortoise for the Queen of Tonga.docx
[2009/05/31 18:33:52 | 00,001,919 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009/05/26 13:20:08 | 00,040,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/05/17 21:48:48 | 00,012,856 | ---- | M] () -- C:\Users\Brian\Documents\Grad at Grad 2009.docx
[2009/05/15 01:00:00 | 00,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[2009/05/15 00:26:11 | 04,257,375 | ---- | M] () -- C:\Users\Brian\Desktop\You're Gonna Go Far, Kid.mp3
< End of report >

Extra.txt

OTL Extras logfile created on: 6/10/2009 1:28:40 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Users\Brian\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.57% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.57 Gb Total Space | 519.78 Gb Free Space | 76.04% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 8.47 Gb Free Space | 56.49% Space Free | Partition Type: NTFS
Drive E: | 494.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 3.62 Gb Total Space | 1.60 Gb Free Space | 44.26% Space Free | Partition Type: FAT32

Computer Name: BRIAN-PC
Current User Name: Brian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.reg [@ = regfile] -- C:\Windows\system32\regedit.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-895920143-1221994733-1013656619-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
"EnableFirewall" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts\List

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

{089F408E-E602-4125-82C3-CE2C3F27F560} = RPORT=2177 | PROTOCOL=17 | DIR=OUT | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{1A2FD1C6-547E-41D1-B31F-22672A244D6A} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=SVCHOST.EXE | SVC=SSDPSRV |
{1E9B2443-2841-4284-A964-2DE24BB8E1E3} = RPORT=2177 | PROTOCOL=6 | DIR=OUT | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{27EC2ECB-D910-49B1-8B5C-6F6C5F1A2A07} = LPORT=3390 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{2CC0B065-3324-4841-87F2-DACE8402A88D} = RPORT=1900 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{2D22E159-973A-4BDD-A219-3FF66C658A22} = LPORT=3390 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{330216DA-669E-4100-947A-DD2AF72C6FB9} = LPORT=2177 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{3F15ED86-0D70-412F-BCFA-4B8340EA3BE0} = RPORT=2177 | PROTOCOL=17 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{446CC254-A477-4EB8-BA9C-EE405E6EB776} = LPORT=10244 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{4547E492-6C51-4775-A11E-7072AE69775C} = RPORT=1900 | PROTOCOL=17 | DIR=OUT | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{45A007D2-9F68-4E62-A087-3CE878D64656} = RPORT=1900 | PROTOCOL=17 | DIR=OUT | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{47690E26-266B-4D8D-A2E2-C5258E2EF69B} = LPORT=10244 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{59139CD7-F65E-4F28-9B70-FDC1BB1CB1D7} = LPORT=2177 | PROTOCOL=6 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{5CB67B50-D1B5-4D58-90A0-DF9EB9756CD4} = LPORT=2177 | PROTOCOL=17 | DIR=IN | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{5E8ED8AE-E701-4E57-A4BE-B1F333EA3C22} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{65EC197E-4A6A-4DB1-812E-003CABE04D04} = LPORT=2177 | PROTOCOL=6 | DIR=IN | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{6A850B76-10F0-4313-AA21-D7207D8E5415} = RPORT=2177 | PROTOCOL=17 | DIR=OUT | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{6E8E46FA-C6C2-4691-AA9A-B42A77027867} = LPORT=6004 | PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\OUTLOOK.EXE |
{7E6B256F-8522-4023-974A-30504E4D2936} = RPORT=2177 | PROTOCOL=6 | DIR=OUT | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{80BAD661-0525-44BD-9FA3-A92A657AE896} = RPORT=10243 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{8AE87658-F5E5-4FED-81B8-B6CF390CC51D} = LPORT=554 | PROTOCOL=6 | DIR=IN | APP=C:\WINDOWS\EHOME\EHSHELL.EXE |
{8B3AB9CE-9693-447A-96B5-72FCB4895AE4} = LPORT=10243 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{9643B360-0829-443C-86BF-43FEA078D69C} = LPORT=7777 | PROTOCOL=17 | DIR=IN | APP=C:\WINDOWS\EHOME\EHSHELL.EXE |
{A4C195E6-4095-4F54-9AB8-FA1A4A99F6B7} = RPORT=10244 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{A7CC2724-F1F1-4C00-882B-4BAF858218D6} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{AA49B69B-C167-4025-964A-C99FDA125716} = LPORT=554 | PROTOCOL=6 | DIR=IN | APP=C:\WINDOWS\EHOME\EHSHELL.EXE |
{AA715F91-4E7B-4162-A353-2366C8BEFFA9} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{B1E61DF3-AED2-4A94-9450-9434FB98F8B5} = LPORT=7777 | PROTOCOL=17 | DIR=IN | APP=C:\WINDOWS\EHOME\EHSHELL.EXE |
{BA04C6F7-C49A-4F3A-B864-68A164644386} = LPORT=2177 | PROTOCOL=6 | DIR=IN | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{C090CB4A-B55D-49B4-986F-84700473A10B} = LPORT=2869 | PROTOCOL=6 | DIR=IN | APP=SYSTEM |
{D65EC90B-ECAD-44B5-A50B-FE428972565B} = RPORT=2177 | PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |
{D722072F-3B00-4A44-B641-6032F640A1BA} = LPORT=1900 | PROTOCOL=17 | DIR=IN | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=SSDPSRV |
{ECCDF17F-A75A-4183-AE11-8FD3B167723B} = RPORT=10244 | PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{FAA9A465-344D-456B-B5D1-BD48133D314A} = LPORT=2177 | PROTOCOL=17 | DIR=IN | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=QWAVE |

========== Vista Active Application Exception List ==========

{006F8DE6-8333-4713-9008-0D6AE55805E5} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE |
{0FAD2779-7F93-45D7-84CA-7ED99FDFBD04} = PROTOCOL=6 | DIR=IN | APP=E:\SETUP.EXE |
{0FE28623-F9A2-4AC1-8BF2-921A197F6A1E} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{10B4DAF9-1F0B-4A69-BA4E-77DC24DD20B2} = PROTOCOL=6 | DIR=OUT | APP=%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE | SVC=UPNPHOST |
{1623D423-744A-4B6D-9009-6814ABBCE5EB} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{1647C823-32AC-447E-8B62-B59A85AE4E87} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{1BE48C0A-C3D6-400E-AE4D-D97950E15ADC} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\DELL VIDEO CHAT\DELLVIDEOCHAT.EXE |
{1F88983A-05FA-48A0-A96B-A6CD29167373} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE |
{2375877B-2DE2-4339-8D55-2193F1EBBF0E} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE |
{23CC225C-C254-4D9E-AF7E-DBF5DDE25474} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE |
{252127FC-FD49-47F2-8730-04C5D0FEB96C} = PROTOCOL=6 | DIR=OUT | APP=C:\WINDOWS\EHOME\EHSHELL.EXE |
{2E5BF4AB-19F1-41CB-8475-8A40C0DDE0CE} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\SEGA\MEDIEVAL II TOTAL WAR\MEDIEVAL2.EXE |
{2F0A52FD-E090-4D27-BCA6-28AF8C4B56BF} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT LIFECAM\LIFECAM.EXE |
{33EBD140-0A93-4379-B168-FA79025D6CBE} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{3B5BFB29-6B79-4251-8C1A-E08A9234630C} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{3FC0FDB7-421C-4047-A8E3-93BA317D24A2} = PROTOCOL=6 | DIR=OUT | APP=C:\WINDOWS\EHOME\MCX2PROV.EXE |
{50009057-80DD-457A-9B56-979233386A94} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{52DE2D0F-DB79-4E6E-BE1A-2CA3CA17157F} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AIM6\AIM6.EXE |
{5C5579C5-25CD-410D-8F13-3E8DD566C286} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{5D7E9B3F-F0BE-4D7F-9640-26E87470C22D} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{5DCD44F7-82DC-47F6-9EBD-097CE82A7D14} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{5E2736CC-2162-439F-AB02-7C8E7D6181BB} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT LIFECAM\LIFEEXP.EXE |
{60EC6EB2-2892-46DB-9C1E-24D224456ED3} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{69AD0792-D37C-4554-A8C7-C8721DE674AF} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{6A78A12D-AECA-4C80-87E3-0E5DD1B53239} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AIM6\AIM6.EXE |
{6B3BB26D-4C51-4B20-95AB-8B71F69F287E} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\ONENOTE.EXE |
{711C0B98-B4FF-4495-B473-045651497211} = DIR=IN | APP=C:\PROGRAM FILES\CYBERLINK\POWERDVD DX\PDVDDXSRV.EXE |
{72DAA8DA-6173-4269-88BF-3D8CE882063E} = DIR=IN | APP=C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\MSNMSGR.EXE |
{73D01535-CF0A-4586-AF64-E86AF4EFEC3C} = PROTOCOL=6 | DIR=IN | APP=C:\WINDOWS\TEMP\~OSB0F4.TMP\OSSPROXY.EXE |
{799C57FF-4AC4-41CD-819A-F4A918DA4254} = DIR=IN | APP=C:\PROGRAM FILES (X86)\WINDOWS LIVE\MESSENGER\LIVECALL.EXE |
{7C41D328-96B5-4244-80F4-9BDC0FD8AD23} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{803C2194-C1E7-425E-988B-F7D2DA42D02E} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{825AC331-A560-4BC8-BE3F-02743D6C489B} = PROTOCOL=17 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{8D8D71F0-A547-48CB-81DC-73C36F32CE49} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{918B51DA-262A-4330-B8A5-001D69495196} = PROTOCOL=17 | DIR=OUT | APP=C:\WINDOWS\EHOME\EHSHELL.EXE |
{91FD1372-0146-4DDF-B726-E66C281FE270} = PROTOCOL=17 | DIR=OUT | APP=C:\WINDOWS\EHOME\EHSHELL.EXE |
{943AF679-8A83-48F6-9BD9-EFDBBDF04F45} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\AOL\LOADER\AOLLOAD.EXE |
{954D2517-C1BD-4B81-A041-90F346A5EC9B} = PROTOCOL=6 | DIR=OUT | APP=SYSTEM |
{9B345055-FE70-40EA-B973-A07BCA80A214} = DIR=IN | APP=C:\PROGRAM FILES\CYBERLINK\POWERDVD DX\POWERDVD.EXE |
{9F358C80-767E-49D8-B04E-71A5F37719B9} = PROTOCOL=17 | DIR=IN | APP=E:\SETUP.EXE |
{AEAC26AC-7A8B-4F72-B6CC-8CBEEDAB9CCF} = DIR=IN | APP=C:\PROGRAM FILES (X86)\COMMON FILES\MCAFEE\MNA\MCNASVC.EXE |
{B209CBEB-0582-4A74-9524-6E449029E3E1} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE |
{B7EB8C19-D657-4217-BA42-506951EB50C2} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT LIFECAM\LIFEEXP.EXE |
{B8F43A81-26F5-4C5D-A1E9-D1300329C1C8} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{BABFE5C0-8697-4F81-BA20-D5468B6F977A} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE |
{C175535C-4AF0-4397-B98E-28439A8797F8} = PROTOCOL=6 | DIR=OUT | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
{C5ED13A1-F311-4909-A403-D7FE55D9B886} = PROTOCOL=17 | DIR=IN | APP=%PROGRAMFILES(X86)%\WINDOWS MEDIA PLAYER\WMPLAYER.EXE |
{C7983BA9-ED33-4CE6-A64E-25789C98264C} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\OFFICE12\GROOVE.EXE |
{C82113D4-0C50-4CC6-AB24-9DA9D1851C86} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT LIFECAM\LIFECAM.EXE |
{CAD35E7F-919A-4A42-A8A8-17F9AC3025EE} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\ITUNES\ITUNES.EXE |
{DCC603DF-CCD7-4FEE-B94B-B5543218718D} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\DELL VIDEO CHAT\DELLVIDEOCHAT.EXE |
{DE978E30-45D0-4D98-9CCE-96B2006D6419} = PROTOCOL=6 | DIR=OUT | APP=C:\WINDOWS\EHOME\MCX2PROV.EXE |
{E771ECFE-453A-4585-9244-C970637C4C8A} = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\BONJOUR\MDNSRESPONDER.EXE |
{EA665DC9-4A82-43FE-B499-1497393C728F} = PROTOCOL=6 | DIR=OUT | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=MCX2SVC |
{EA6EBFAF-1C2B-4B60-8C86-C0046261701A} = PROTOCOL=6 | DIR=OUT | APP=C:\WINDOWS\EHOME\EHSHELL.EXE |
{EF44E248-0D21-4762-861B-F57C5BDAAE5B} = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\SEGA\MEDIEVAL II TOTAL WAR\MEDIEVAL2.EXE |
{F53E872E-24F3-420E-A426-5CD574A1902C} = PROTOCOL=6 | DIR=OUT | APP=C:\WINDOWS\SYSTEM32\SVCHOST.EXE | SVC=MCX2SVC |
{F812B565-5346-4677-9914-3373C803D382} = PROTOCOL=6 | DIR=IN | APP=%PROGRAMFILES%\WINDOWS MEDIA PLAYER\WMPNETWK.EXE |
TCP Query User{0BA11802-7E58-4FFC-A3BB-ED09D68E9BB2}C:\program files (x86)\microsoft lifecam\lifecam.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT LIFECAM\LIFECAM.EXE |
TCP Query User{0E16AD68-071B-4BE3-BC5A-9B42B1834602}C:\program files (x86)\microsoft lifecam\lifeexp.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT LIFECAM\LIFEEXP.EXE |
TCP Query User{0FEF5535-BC94-47BC-B520-D8D53C124CD4}C:\program files (x86)\limewire\limewire.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\LIMEWIRE\LIMEWIRE.EXE |
TCP Query User{1F57DD23-75B9-4E20-8D36-1E53763EB604}C:\program files (x86)\aim6\aim6.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AIM6\AIM6.EXE |
TCP Query User{396D7F93-D875-4CDE-9ABE-8150C345CAC7}C:\program files (x86)\free music zilla\fmzilla.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\FREE MUSIC ZILLA\FMZILLA.EXE |
TCP Query User{FFBCC65A-BB6D-4DC1-BBA1-20AA00F430A3}C:\program files (x86)\dell video chat\dellvideochat.exe = PROTOCOL=6 | DIR=IN | APP=C:\PROGRAM FILES (X86)\DELL VIDEO CHAT\DELLVIDEOCHAT.EXE |
UDP Query User{00829F14-9274-4736-B0C3-B4C4ADE345EA}C:\program files (x86)\microsoft lifecam\lifeexp.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT LIFECAM\LIFEEXP.EXE |
UDP Query User{11808EA7-CC59-479D-BE55-DE32AE6E60AF}C:\program files (x86)\aim6\aim6.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\AIM6\AIM6.EXE |
UDP Query User{202BDD23-107D-49BF-A20F-FDD49E1A98D7}C:\program files (x86)\microsoft lifecam\lifecam.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\MICROSOFT LIFECAM\LIFECAM.EXE |
UDP Query User{2AB1919C-201F-4240-9FDC-0FC1BDA398C4}C:\program files (x86)\free music zilla\fmzilla.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\FREE MUSIC ZILLA\FMZILLA.EXE |
UDP Query User{A07845F4-5E8A-4F33-8C62-3CB57010D00A}C:\program files (x86)\dell video chat\dellvideochat.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\DELL VIDEO CHAT\DELLVIDEOCHAT.EXE |
UDP Query User{A87B4EC7-796D-4AD5-8FCB-091C4962887C}C:\program files (x86)\limewire\limewire.exe = PROTOCOL=17 | DIR=IN | APP=C:\PROGRAM FILES (X86)\LIMEWIRE\LIMEWIRE.EXE |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{02DC8564-2044-475B-BE97-AAFB35160BCD}" = PC ScanAndSweep
"{03B25762-461B-22C8-9AF0-170F3D749061}" = Catalyst Control Center Graphics Previews Vista
"{03BF49A6-A643-A836-0732-2467E9A6B911}" = Catalyst Control Center Localization Korean
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AC7F464-85E9-337D-B100-DC178C14A699}" = Catalyst Control Center Core Implementation
"{0BC1B842-C298-99E6-D0A8-FA3B33A07C5C}" = Catalyst Control Center Localization German
"{0BF215E3-C97F-7BF3-96D0-9C7D3F5FF9B4}" = Catalyst Control Center Localization Chinese Traditional
"{0D1303D7-3918-3014-E119-33DBB649BE86}" = Catalyst Control Center Localization Spanish
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{138BF761-BFAA-29BB-B755-91262DE91A19}" = ccc-core-static
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{162981A5-050A-3DDA-2477-49724E334DEF}" = CCC Help Spanish
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C55AE03-9FF0-4908-B42C-D191DA3C4F22}" = Medieval II Total War
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FECF5F8-8E75-432C-9FF7-1C04F1956B54}" = Realtek Ethernet Network Card Diagnostic tool for Windows Vista
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{276B965A-AC01-955C-E678-C8D25C58A42B}" = Catalyst Control Center Graphics Previews Common
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B83C858-A352-1E5D-0052-C326C815F3C4}" = CCC Help Japanese
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{323C7763-A048-4E06-A339-729632A3F95E}" = PC ScanAndSweep
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5370D92F-CF5A-4A38-DE84-151F9F58BCB2}" = Catalyst Control Center Localization Italian
"{56CDA83B-BC0B-A4A7-BD48-1176A6C97033}" = Catalyst Control Center Graphics Light
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{63EB4545-0CB5-35FE-D20C-F8E6995703F3}" = Catalyst Control Center Localization French
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{712A51A2-68F2-17D2-E3EB-C199DA0E0BE0}" = Catalyst Control Center Localization Portuguese
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80F24F31-F641-4349-83F3-59E335976D16}" = PC SpeedScan Pro
"{82427977-8776-4087-90CA-9F65174D3C4D}" = Nokia Connectivity Cable Driver
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88477E65-A679-2CAE-645A-5073ED86715B}" = CCC Help Portuguese
"{88DCB080-7A56-5697-4407-21BD03DCE401}" = Catalyst Control Center Graphics Full New
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AC7ACAD-10E5-E7F4-481A-29C4C8B19990}" = Catalyst Control Center Graphics Full Existing
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{99D8CE0E-20C7-3761-5F90-0E1329A55824}" = CCC Help Hungarian
"{9C2F79E2-4B21-E840-CF5B-FF1EE52E5B9F}" = Catalyst Control Center Localization Chinese Standard
"{A029AD64-F8F2-09AD-E29B-623B4BBF872C}" = CCC Help French
"{A09B8374-BD00-63EB-9616-E624A44EF877}" = CCC Help German
"{A28D08AE-3FBD-EBDB-BA28-CE719F699E48}" = CCC Help Chinese Standard
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3111537-BA7A-C129-1E6B-E2C77DCA3AD2}" = CCC Help Italian
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A9D0745C-BABD-472B-8AF0-FAF888D31046}" = Medieval II Total War
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC20ED6A-6D1D-422D-BF01-8453654B7A3F}" = Spyware Striker
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2050314-D2DF-6589-E155-5E4E8F8AB3D4}" = Catalyst Control Center Localization Turkish
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7CB0BF3-791E-44D3-9F04-786E36D51C9D}" = PC Connectivity Solution
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{C2112C02-1BCA-A86F-F6E1-264CCE43F451}" = CCC Help Chinese Traditional
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C85C2248-CF17-441F-972B-428F8AC37087}" = PC SpeedScan Pro
"{CDA2EBE1-999C-48FB-DF9A-81C789900BFF}" = CCC Help Turkish
"{D68F16A7-9447-8A92-7EF3-A4E26B2A95EE}" = CCC Help English
"{D9461574-5FC0-4641-BBDC-D1038B196F55}" = Brother MFL-Pro Suite MFC-490CW
"{DE27264D-7CA0-3317-7192-C64F0B7D9AB3}" = Catalyst Control Center Localization Japanese
"{E044161D-75F5-3EC5-2BDA-42D106E602D2}" = CCC Help Korean
"{E112EC9E-B411-F3E0-EF02-C0D21C09F329}" = Catalyst Control Center Localization Hungarian
"{E8B0BD86-073B-4D7E-B0F1-CC37E70014D4}" = Spyware Striker
"{EA778E78-0B7B-05AE-A72F-AF484D201DFB}" = Skins
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"Dell Video Chat" = Dell Video Chat (remove only)
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Download Manager" = Download Manager 2.3.7
"Dream Render 2.20_is1" = Dream Render 2.20
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HandyInternetAdvice" = FFHandyInternetAdvice
"HijackThis" = HijackThis 2.0.2
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"MSC" = McAfee SecurityCenter
"Picasa 3" = Picasa 3
"R-Wipe&Clean_is1" = R-Wipe&Clean 8.6
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent dell Master Uninstall" = WildTangent Games
"Zilla Popup Killer_is1" = Zilla Popup Killer 5.0.0.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-895920143-1221994733-1013656619-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/29/2009 3:08:42 PM | Computer Name = Brian-PC | Source = Application Error | ID = 1000
Description = Faulting application MCETunesExtenderSupport.exe, version 2.5.0.0,
time stamp 0x49d6629f, faulting module MCETunesExtenderSupport.exe, version 2.5.0.0,
time stamp 0x49d6629f, exception code 0xc0000005, fault offset 0x00007a7f, process
id 0xf00, application start time 0x01c9c8f76a8e32bc.

Error - 4/30/2009 1:32:46 PM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =

Error - 4/30/2009 5:04:56 PM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/6/2009 1:34:31 AM | Computer Name = Brian-PC | Source = Perflib | ID = 1023
Description =

Error - 5/6/2009 1:34:32 AM | Computer Name = Brian-PC | Source = Perflib | ID = 1008
Description =

Error - 5/6/2009 1:34:32 AM | Computer Name = Brian-PC | Source = Perflib | ID = 1023
Description =

Error - 5/7/2009 11:50:51 PM | Computer Name = Brian-PC | Source = WinMgmt | ID = 10
Description =

Error - 5/10/2009 2:43:25 PM | Computer Name = Brian-PC | Source = Perflib | ID = 1023
Description =

Error - 5/10/2009 2:43:25 PM | Computer Name = Brian-PC | Source = Perflib | ID = 1008
Description =

Error - 5/10/2009 2:43:25 PM | Computer Name = Brian-PC | Source = Perflib | ID = 1023
Description =

[ Media Center Events ]
Error - 4/28/2009 7:58:42 PM | Computer Name = Brian-PC | Source = Mcx2Dvcs | ID = 401
Description =

Error - 4/28/2009 8:00:55 PM | Computer Name = Brian-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 4/28/2009 8:03:06 PM | Computer Name = Brian-PC | Source = Mcx2Dvcs | ID = 405
Description =

Error - 4/29/2009 10:21:13 PM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 3/11/2009 5:47:28 AM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/12/2009 7:26:47 PM | Computer Name = Brian-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:25:39 PM on 3/12/2009 was unexpected.

Error - 3/12/2009 7:26:48 PM | Computer Name = Brian-PC | Source = HTTP | ID = 15016
Description =

Error - 3/13/2009 5:00:05 AM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/18/2009 12:01:56 AM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 3/18/2009 12:02:40 AM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7031
Description =

Error - 3/18/2009 12:03:40 AM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 3/20/2009 4:00:05 AM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 3/21/2009 9:46:37 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 3/21/2009 9:46:37 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >

#3 Sportzfreak98

Sportzfreak98
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:11:18 PM

Posted 10 June 2009 - 01:43 PM

Just thought I should update you guys, because I have noticed that the pop-ups seem to be grabbing a topic of some sort from the pages. When I go to the bleepingcomputer site, I get anti-virus pop-ups. Game sites give me gaming ads, and so on.

#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:10:18 PM

Posted 19 June 2009 - 05:55 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,801 posts
  • ONLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:11:18 PM

Posted 22 June 2009 - 05:07 PM

Due to the lack of feedback, this Topic is now closed.

In case you still have problems, please send me a Private message to reopen this topic within the next 5 days. Beyond that point, please start a new topic.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



