
System, & Program Issues Are Escalating......


  • This topic is locked
12 replies to this topic

#1 ozhawk


Posted 05 July 2009 - 07:25 PM

I have been encountering several issues over the last two to three weeks. They started off as what I thought were minor issues at first and have gradually gotten worse. I signed back on when I came back today and got Yahoo instead of MSN (which is my homepage). I have also had at least one program quit working - (Pinnacle Game Profiler) and now I am also getting a Windows program that is not turning on automatically anymore. I get a popup to turn it on by clicking on the selection in the popup box. (This just started today).
I have scanned my system using the COMODO Internet Security Program, Avast, Windows Defender. I have also scanned using Malwarebytes' Anti-Malware and use the scanners in Advanced Systems Care. I have a Hijack Analysis Report from their Security Analyzer.

Any and All help that you can give would be greatly appreciated.
Thanks
ozhawk - Running Windows 64-Bit

Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 6:57:19 PM, on 7/5/2009
Platform: Windows Vista (WinNT 6.0)
MSIE: Internet Explorer v8.0 (8.0.6001.18783)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Users\sifu yoda\AppData\Roaming\mjusbsp\magicJack.exe
C:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Search Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Helper - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O2 - BHO: MSN Toolbar Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: MSN Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [cdloader] "C:\Users\sifu yoda\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [Pinnacle Game Profiler] "C:\Program Files (x86)\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O9 - Extra button: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -
O9 - Extra button: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} -
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_13) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...9887.5015740741
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Plug-in 1.6.0_07) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_13) - http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSr64.exe
O23 - Service: (AMD External Events Utility) - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1c9b89ae7f75430) (gupdate1c9b89ae7f75430) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files (x86)\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown - %ProgramFiles%\Windows Media Player\wmpnetwk.exe



#2 DocSatan


Posted 12 July 2009 - 10:52 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 teacup61

  • Malware Response Team

Posted 17 July 2009 - 09:58 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#4 Galadriel

  • Malware Response Team

Posted 03 August 2009 - 09:09 PM

Reopened at member's request.
I cemna prestar aen. Han mathon ne nen. Han mathon ne chae. A han noston ne 'wilith. - Galadriel
'The avatar is changed; I can feel it in the water, I can feel it in the earth, I can smell it in the air.'

Phear teh ceiling cat, for he is roofkittehd! - Basement Cat


#5 ozhawk


Posted 07 August 2009 - 07:53 PM

Here are the two files that you asked me to post:

OTL.Txt
OTL logfile created on: 8/7/2009 7:36:43 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Users\sifu yoda\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 63.53% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.70 Gb Total Space | 342.95 Gb Free Space | 76.09% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.26 Gb Free Space | 48.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 17.59 Mb Total Space | 17.31 Mb Free Space | 98.38% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIFUYODA-PC
Current User Name: sifu yoda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2008/09/23 22:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe
PRC - [2008/09/30 10:03:14 | 00,820,464 | ---- | M] (Dell Inc.) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/06/30 09:55:40 | 02,329,224 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2009/07/07 10:23:00 | 01,779,952 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2008/12/02 22:41:54 | 03,882,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
PRC - [2008/01/14 10:13:02 | 00,132,392 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe
PRC - [2008/09/30 10:03:12 | 00,464,112 | ---- | M] (Dell Inc.) -- C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
PRC - [2009/01/09 11:40:26 | 00,942,592 | ---- | M] (Audiovox Electronics Corp.) -- C:\Users\sifu yoda\Documents\RCA Detective\RCADetective.exe
PRC - [2007/06/20 16:04:51 | 00,046,432 | ---- | M] (Microsoft® Corporation) -- C:\Program Files (x86)\Microsoft Works\WkCalRem.exe
PRC - [2009/02/05 15:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/04/02 16:11:02 | 00,342,312 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
PRC - [2009/04/03 12:28:00 | 00,573,440 | ---- | M] (Audiovox Electronics Corp.) -- C:\Users\sifu yoda\Documents\RCA easyRip\EZDock.exe
PRC - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe
PRC - [2009/08/01 11:13:44 | 12,231,512 | ---- | M] (magicJack L.P.) -- C:\Users\sifu yoda\AppData\Roaming\mjusbsp\magicJack.exe
PRC - [2009/07/21 16:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/21 16:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2009/07/21 16:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
PRC - [2008/12/04 13:29:32 | 00,131,928 | ---- | M] (Microsoft Corp.) -- C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msntask.exe
PRC - [2008/12/08 17:01:52 | 00,224,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
PRC - [2009/08/07 19:34:15 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\sifu yoda\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/07/28 07:37:22 | 00,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTSr64.exe -- (AERTFilters [Auto | Running])
SRV:64bit: - [2009/05/15 22:24:09 | 00,203,264 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility [Auto | Running])
SRV:64bit: - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV:64bit: - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV:64bit: - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV:64bit: - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV:64bit: - [2008/09/23 22:09:52 | 00,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService [Auto | Running])
SRV:64bit: - [2008/01/20 21:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend [Auto | Running])
SRV:64bit: - [2008/01/20 21:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/29 21:42:16 | 00,066,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2009/03/29 21:39:56 | 00,089,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64 [On_Demand | Stopped])
SRV - [2008/01/20 21:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehRecvr.exe -- (ehRecvr [On_Demand | Stopped])
SRV - [2008/01/20 21:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehsched.exe -- (ehSched [On_Demand | Stopped])
SRV - [2006/11/02 10:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\ehome\ehstart.dll -- (ehstart [Auto | Stopped])
SRV - [2009/02/18 11:40:06 | 00,042,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/07/16 18:16:44 | 00,250,616 | ---- | M] (WildTangent, Inc.) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe -- (GameConsoleService [On_Demand | Stopped])
SRV - [2009/04/08 17:34:05 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -- (gupdate1c9b89ae7f75430 [Auto | Stopped])
SRV - [2009/04/08 17:29:43 | 00,183,280 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Stopped])
SRV - [2008/09/30 10:03:14 | 00,820,464 | ---- | M] (Dell Inc.) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -- (hnmsvc [Auto | Running])
SRV - [2009/02/18 11:39:12 | 00,857,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/04/02 16:10:56 | 00,656,168 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2006/11/02 04:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\keyiso.dll -- (KeyIso [On_Demand | Running])
SRV - [2006/11/02 08:34:14 | 00,000,000 | ---D | M] -- C:\Windows\SysWow64\Msdtc -- (MSDTC [Unknown | Stopped])
SRV - [2009/04/10 23:28:24 | 00,592,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\netlogon.dll -- (Netlogon [Disabled | Stopped])
SRV - [2008/09/02 01:37:42 | 00,262,144 | ---- | M] (KALiNKOsoft) -- C:\Program Files (x86)\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe -- (PinnacleUpdateSvc [Auto | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2008/03/24 07:35:22 | 00,074,384 | R--- | M] (MicroVision Development, Inc.) -- C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2006/11/02 01:35:15 | 00,060,994 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vds.mof -- (vds [On_Demand | Stopped])
SRV - [2006/11/02 01:35:15 | 00,055,846 | ---- | M] () -- C:\Windows\SysWow64\Wbem\vss.mof -- (VSS [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV:64bit: - [2009/02/05 15:07:17 | 00,022,096 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV:64bit: - [2009/02/05 15:07:07 | 00,064,592 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\DRIVERS\aswMonFlt.sys -- (aswMonFlt [Auto | Running])
DRV:64bit: - [2009/02/05 15:06:13 | 00,027,216 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr [System | Running])
DRV:64bit: - [2009/02/05 15:07:36 | 00,089,680 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP [System | Running])
DRV:64bit: - [2009/02/05 15:06:23 | 00,058,448 | ---- | M] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV:64bit: - [2009/04/24 00:43:18 | 00,110,904 | ---- | M] (ATI Research Inc.) -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService [On_Demand | Running])
DRV:64bit: - [2009/05/15 23:02:02 | 05,957,632 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag [On_Demand | Running])
DRV:64bit: - [2006/10/06 21:13:22 | 00,550,912 | ---- | M] (Broadcom Corporation) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XV [On_Demand | Running])
DRV:64bit: - [2008/01/20 21:46:55 | 00,317,952 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express [On_Demand | Stopped])
DRV:64bit: - [2009/03/19 16:34:18 | 00,029,544 | ---- | M] (GEAR Software Inc.) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV:64bit: - [2009/04/10 22:39:52 | 00,275,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV:64bit: - [2008/09/01 04:12:26 | 00,381,976 | ---- | M] (Intel Corporation) -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor [Disabled | Stopped])
DRV:64bit: - [2009/01/18 16:24:52 | 00,129,384 | ---- | M] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler [On_Demand | Running])
DRV:64bit: - [2008/06/18 17:48:54 | 00,029,184 | ---- | M] (SingleClick Systems) -- C:\Windows\SysNative\DRIVERS\packet.sys -- (Packet [Auto | Running])
DRV:64bit: - [2007/11/14 03:00:00 | 00,053,488 | ---- | M] (Sonic Solutions) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64 [Boot | Running])
DRV:64bit: - [2009/05/15 23:02:02 | 05,957,632 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300 [On_Demand | Stopped])
DRV:64bit: - [2009/03/06 09:06:18 | 00,197,120 | ---- | M] (Realtek Corporation ) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169 [On_Demand | Running])
DRV:64bit: - [2009/04/10 22:39:36 | 00,098,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbaudio.sys -- (usbaudio [On_Demand | Running])
DRV - [2006/09/18 16:35:23 | 00,001,088 | ---- | M] () -- C:\Windows\SysWow64\Wbem\mpsdrv.mof -- (mpsdrv [On_Demand | Running])
DRV - [2006/09/18 16:36:40 | 00,003,066 | ---- | M] () -- C:\Windows\SysWow64\Wbem\tcpip.mof -- (Tcpip [Boot | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2768272112-1240476293-698848245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKU\S-1-5-21-2768272112-1240476293-698848245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2768272112-1240476293-698848245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-2768272112-1240476293-698848245-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2768272112-1240476293-698848245-1000\S-1-5-21-2768272112-1240476293-698848245-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 16:26:09 | 00,000,000 | ---D | M]


O1 HOSTS File: (761 bytes) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files (x86)\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-2768272112-1240476293-698848245-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe File not found
O4:64bit: - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] File not found
O4:64bit: - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Easy Dock] C:\Users\sifu yoda\Documents\RCA easyRip\EZDock.exe (Audiovox Electronics Corp.)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files (x86)\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.DLL (Microsoft Corporation)
O4 - HKU\S-1-5-21-2768272112-1240476293-698848245-1000..\Run: [cdloader] C:\Users\sifu yoda\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-2768272112-1240476293-698848245-1000..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2768272112-1240476293-698848245-1000..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2768272112-1240476293-698848245-1000..\Run: [Pinnacle Game Profiler] C:\Program Files (x86)\KALiNKOsoft\Pinnacle Game Profiler\pinnacle.exe (KALiNKOsoft)
O4 - HKU\S-1-5-21-2768272112-1240476293-698848245-1000..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O4 - Startup: C:\Users\sifu yoda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk = C:\Users\sifu yoda\Documents\RCA Detective\RCADetective.exe (Audiovox Electronics Corp.)
O4 - Startup: C:\Users\sifu yoda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\wkcalrem.LNK = C:\Program Files (x86)\Microsoft Works\WkCalRem.exe (Microsoft® Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2768272112-1240476293-698848245-1000\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...9887.5015740741 (Update Class)
O16 - DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} http://download.sp.f-secure.com/ols/f-secu.../fslauncher.cab (F-Secure Online Scanner 4.0 Launcher)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll File not found
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/21 08:20:07 | 00,027,992 | R--- | M] (magicJack L.P.) - F:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 00,016,158 | R--- | M] () - F:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 00,000,308 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/07/21 08:20:07 | 00,706,144 | R--- | M] (magicJack L.P.) - F:\autorunu.exe -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 15:12:12 | 00,000,270 | ---- | M] () - G:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{357a0ced-fcea-11dd-aaad-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{357a0ced-fcea-11dd-aaad-806e6f6e6963}\Shell\AutoRun\command - "" = E:\FalloutLauncher.exe -- File not found
O33 - MountPoints2\{78756983-0130-11de-b25b-00219b216781}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O33 - MountPoints2\{78756983-0130-11de-b25b-00219b216781}\Shell\phone\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\SysWow64\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/07 19:34:07 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\sifu yoda\Desktop\OTL.exe
[2009/08/07 18:56:20 | 00,359,932 | ---- | C] () -- C:\Users\sifu yoda\Desktop\dds.scr
[2009/08/07 16:59:00 | 00,455,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2009/08/07 16:59:00 | 00,181,760 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2009/08/07 16:59:00 | 00,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2009/08/07 16:59:00 | 00,165,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2009/08/07 16:58:39 | 00,000,000 | ---D | C] -- C:\Program Files\Java
[2009/08/07 16:11:05 | 00,139,264 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2009/08/07 16:11:05 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2009/08/07 16:11:05 | 00,135,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2009/08/05 17:58:37 | 00,000,000 | ---D | C] -- C:\Users\sifu yoda\Documents\pinnacle-manualupdate[1]
[2009/07/28 18:46:01 | 09,233,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/07/28 18:46:01 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/07/28 18:46:00 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/07/28 18:45:59 | 12,458,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/07/28 18:45:58 | 02,334,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2009/07/28 18:45:58 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/07/28 18:45:58 | 01,484,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/07/28 18:45:58 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/07/28 18:45:57 | 01,146,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/07/28 18:45:57 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/07/28 18:45:57 | 00,700,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2009/07/28 18:45:57 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/07/28 18:45:57 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2009/07/28 18:45:57 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/07/28 18:45:57 | 00,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2009/07/28 18:45:57 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/07/28 18:45:56 | 01,538,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2009/07/28 18:45:56 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/07/28 18:45:56 | 00,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2009/07/28 18:45:56 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/07/28 18:45:56 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/07/28 18:45:56 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/07/28 18:45:56 | 00,162,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2009/07/28 18:45:56 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/07/28 18:45:56 | 00,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2009/07/28 18:45:56 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/07/28 18:45:56 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009/07/28 18:45:56 | 00,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2009/07/28 18:45:56 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/07/28 18:45:56 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/07/28 18:45:55 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/07/28 18:45:55 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb
[2009/07/28 18:45:55 | 00,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2009/07/28 18:45:55 | 00,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2009/07/28 18:45:55 | 00,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2009/07/28 18:45:55 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/07/28 18:45:55 | 00,057,667 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2009/07/28 18:45:55 | 00,057,667 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2009/07/28 18:45:55 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/07/28 18:45:55 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2009/07/28 18:45:55 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/07/28 18:45:55 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2009/07/27 20:20:28 | 00,000,000 | ---D | C] -- C:\Users\sifu yoda\AppData\Roaming\Cool Record Edit Pro
[2009/07/27 19:59:04 | 00,000,000 | ---D | C] -- C:\Users\sifu yoda\AppData\Roaming\Free Sound Recorder
[2009/07/27 19:58:56 | 00,001,802 | ---- | C] () -- C:\Users\sifu yoda\Desktop\Cool Record Edit Pro.lnk
[2009/07/27 19:58:56 | 00,000,803 | ---- | C] () -- C:\Users\sifu yoda\Desktop\Free Sound Recorder.lnk
[2009/07/27 19:58:55 | 00,113,486 | ---- | C] () -- C:\Windows\SysWow64\NCTWMAProfiles.prx
[2009/07/27 19:58:54 | 01,986,560 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTAudioFile2.dll
[2009/07/27 19:58:54 | 01,212,416 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioInformation2.dll
[2009/07/27 19:58:54 | 00,880,640 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioEditor2.dll
[2009/07/27 19:58:54 | 00,835,584 | ---- | C] (NCT) -- C:\Windows\SysWow64\NCTAudioCDGrabber2.dll
[2009/07/27 19:58:54 | 00,602,112 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioTransform2.dll
[2009/07/27 19:58:54 | 00,479,232 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioVisualization2.dll
[2009/07/27 19:58:54 | 00,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioRecord2.dll
[2009/07/27 19:58:54 | 00,458,752 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTAudioPlayer2.dll
[2009/07/27 19:58:54 | 00,417,792 | ---- | C] (Online Media Technologies Ltd.) -- C:\Windows\SysWow64\NCTTextToAudio2.dll
[2009/07/27 19:58:54 | 00,348,160 | ---- | C] (NCT Company Ltd.) -- C:\Windows\SysWow64\NCTWMAFile2.dll
[2009/07/27 19:58:53 | 00,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll
[2009/07/27 19:58:53 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Free Sound Recorder
[2009/07/27 19:55:35 | 12,307,750 | ---- | C] (CoolMedia Software. ) -- C:\Users\sifu yoda\Desktop\FreeSoundRecorder.exe
[2009/07/27 17:39:12 | 00,008,921 | -HS- | C] () -- C:\Users\sifu yoda\Documents\AlbumArt_{4365A7B7-1C30-4E1F-8E2F-09FC8E9E35B7}_Large.jpg
[2009/07/27 17:39:12 | 00,002,525 | -HS- | C] () -- C:\Users\sifu yoda\Documents\AlbumArt_{4365A7B7-1C30-4E1F-8E2F-09FC8E9E35B7}_Small.jpg
[2009/07/27 17:15:07 | 00,090,289 | ---- | C] () -- C:\Users\sifu yoda\Documents\Sound Check.wma
[2009/07/25 15:44:08 | 08,270,752 | ---- | C] (Dell, Inc. ) -- C:\Users\sifu yoda\AppData\Roaming\DataSafeDotNet.exe
[2009/07/24 14:39:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2009/07/23 16:00:24 | 00,000,000 | ---D | C] -- C:\Users\sifu yoda\AppData\Roaming\PlayFirst
[2009/07/23 16:00:24 | 00,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2009/07/23 15:59:11 | 00,001,368 | ---- | C] () -- C:\Users\sifu yoda\Desktop\Play Games.lnk
[2009/07/22 19:00:26 | 00,009,524 | -HS- | C] () -- C:\Users\sifu yoda\Documents\AlbumArt_{A37B7A1A-2FAE-4EE8-85C2-0A8CE1A77176}_Large.jpg
[2009/07/22 19:00:26 | 00,008,921 | -HS- | C] () -- C:\Users\sifu yoda\Documents\Folder.jpg
[2009/07/22 19:00:26 | 00,002,525 | -HS- | C] () -- C:\Users\sifu yoda\Documents\AlbumArtSmall.jpg
[2009/07/22 19:00:26 | 00,002,505 | -HS- | C] () -- C:\Users\sifu yoda\Documents\AlbumArt_{A37B7A1A-2FAE-4EE8-85C2-0A8CE1A77176}_Small.jpg
[2009/07/17 20:25:43 | 00,000,792 | ---- | C] () -- C:\Users\sifu yoda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
[2009/07/17 20:25:43 | 00,000,000 | ---D | C] -- C:\Users\sifu yoda\Documents\RCA Detective
[2009/07/15 03:00:23 | 00,000,000 | ---D | C] -- C:\cf0824c9129dd65eb6a48422a3537941
[2009/07/14 17:17:04 | 15,308,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xlive.dll
[2009/07/14 17:17:04 | 13,642,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xlivefnt.dll
[2009/07/14 17:15:00 | 00,178,432 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/14 17:05:30 | 00,000,000 | ---D | C] -- C:\Users\sifu yoda\AppData\Local\The Weather Channel
[2009/07/14 13:39:11 | 00,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2009/07/14 13:39:11 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2009/07/14 13:39:10 | 00,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2009/07/14 13:39:10 | 00,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2009/07/14 13:39:10 | 00,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2009/07/14 13:39:10 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2009/07/14 13:39:10 | 00,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2009/07/14 13:39:10 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dciman32.dll
[2009/07/13 19:06:25 | 02,831,816 | ---- | C] (RCA ) -- C:\Users\sifu yoda\Desktop\PEARL_066F_85A9_0_1420_SIG.EXE
[2009/07/13 17:50:22 | 04,045,979 | ---- | C] () -- C:\Users\sifu yoda\Documents\Gloria (Sound Check).wma
[2009/07/11 20:55:58 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\MP3tunes
[2009/07/11 20:55:19 | 00,000,000 | ---D | C] -- C:\Users\sifu yoda\AppData\Local\{058E7DAB-1F55-48A3-892A-ECCA62D23C8F}
[2009/07/11 20:29:00 | 00,000,704 | ---- | C] () -- C:\Users\sifu yoda\Desktop\RCA easyRip.lnk
[2009/07/11 20:28:48 | 00,000,000 | ---D | C] -- C:\Users\sifu yoda\Documents\RCA easyRip
[2009/07/11 20:28:09 | 00,001,377 | ---- | C] () -- C:\Users\sifu yoda\Desktop\User_Manual_English_Pearl.pdf.lnk
[2009/07/11 19:39:08 | 00,000,000 | ---D | C] -- C:\Users\sifu yoda\AppData\Roaming\eMusic
[2009/07/11 19:39:08 | 00,000,000 | ---D | C] -- C:\Users\sifu yoda\AppData\Local\eMusic
[2009/07/11 19:34:51 | 00,000,000 | --SD | C] -- C:\Users\sifu yoda\Desktop\My eMusic
[2009/07/11 19:34:49 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\eMusic Download Manager
[2009/07/11 18:43:04 | 00,000,000 | ---D | C] -- C:\Users\sifu yoda\Desktop\cports-x64
[2009/07/11 18:42:33 | 00,078,082 | ---- | C] () -- C:\Users\sifu yoda\Desktop\cports-x64.zip
[2009/07/09 21:15:27 | 79,969,552 | ---- | C] () -- C:\Users\sifu yoda\Desktop\CIS_Setup_3.10.102363.531_XP_Vista_x64.exe
[2009/07/09 17:19:52 | 00,000,402 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2009/07/09 17:19:46 | 00,001,058 | ---- | C] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk
[2009/07/04 18:58:52 | 00,022,391 | ---- | C] ( ) -- C:\Windows\SysWow64\drivers\samhidb.sys
[2009/06/29 17:45:47 | 00,119,296 | ---- | C] () -- C:\Windows\SysWow64\zlib.dll
[2009/06/29 17:45:47 | 00,057,344 | ---- | C] () -- C:\Windows\SysWow64\ADsSecurity.dll
[2009/06/29 17:45:46 | 00,036,864 | ---- | C] () -- C:\Windows\SysWow64\dxinputdll.dll
[2009/06/28 04:33:30 | 00,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/28 04:31:52 | 00,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009/02/25 20:50:53 | 00,487,424 | ---- | C] () -- C:\Windows\SysWow64\FDRpage910.dll
[2008/01/20 21:50:05 | 00,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006/11/02 07:34:27 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 07:34:27 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini

========== Files - Modified Within 30 Days ==========

[2009/08/07 19:34:15 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\sifu yoda\Desktop\OTL.exe
[2009/08/07 19:26:24 | 00,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2009/08/07 19:26:24 | 00,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2009/08/07 19:26:24 | 00,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2009/08/07 19:23:05 | 00,000,911 | ---- | M] () -- C:\Users\sifu yoda\Desktop\magicJack.lnk
[2009/08/07 19:22:32 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/08/07 19:21:51 | 00,000,408 | ---- | M] () -- C:\Windows\tasks\AWC AutoSweep.job
[2009/08/07 19:20:44 | 00,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/07 19:20:44 | 00,000,402 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2009/08/07 19:20:03 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/07 19:20:03 | 00,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/07 19:20:03 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/07 19:20:00 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/07 19:19:57 | 42,930,54464 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/07 19:18:14 | 04,673,383 | -H-- | M] () -- C:\Users\sifu yoda\AppData\Local\IconCache.db
[2009/08/07 19:00:00 | 00,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/07 18:56:34 | 00,359,932 | ---- | M] () -- C:\Users\sifu yoda\Desktop\dds.scr
[2009/08/07 16:58:48 | 00,455,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deploytk.dll
[2009/08/07 16:58:48 | 00,181,760 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2009/08/07 16:58:48 | 00,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2009/08/07 16:58:48 | 00,165,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2009/08/07 16:03:33 | 00,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A242187F-944F-4BC8-AD43-FFA86EF00C1B}.job
[2009/08/07 16:00:07 | 00,119,296 | ---- | M] () -- C:\Windows\SysWow64\zlib.dll
[2009/08/05 16:57:15 | 00,000,680 | ---- | M] () -- C:\Users\sifu yoda\AppData\Local\d3d9caps.dat
[2009/07/31 12:54:10 | 00,000,420 | ---- | M] () -- C:\Windows\tasks\AWC Update.job
[2009/07/27 19:58:56 | 00,001,802 | ---- | M] () -- C:\Users\sifu yoda\Desktop\Cool Record Edit Pro.lnk
[2009/07/27 19:58:56 | 00,000,803 | ---- | M] () -- C:\Users\sifu yoda\Desktop\Free Sound Recorder.lnk
[2009/07/27 19:55:40 | 12,307,750 | ---- | M] (CoolMedia Software. ) -- C:\Users\sifu yoda\Desktop\FreeSoundRecorder.exe
[2009/07/27 17:39:12 | 00,008,921 | -HS- | M] () -- C:\Users\sifu yoda\Documents\Folder.jpg
[2009/07/27 17:39:12 | 00,008,921 | -HS- | M] () -- C:\Users\sifu yoda\Documents\AlbumArt_{4365A7B7-1C30-4E1F-8E2F-09FC8E9E35B7}_Large.jpg
[2009/07/27 17:39:11 | 00,002,525 | -HS- | M] () -- C:\Users\sifu yoda\Documents\AlbumArtSmall.jpg
[2009/07/27 17:39:11 | 00,002,525 | -HS- | M] () -- C:\Users\sifu yoda\Documents\AlbumArt_{4365A7B7-1C30-4E1F-8E2F-09FC8E9E35B7}_Small.jpg
[2009/07/27 17:15:07 | 00,090,289 | ---- | M] () -- C:\Users\sifu yoda\Documents\Sound Check.wma
[2009/07/25 15:51:00 | 08,270,752 | ---- | M] (Dell, Inc. ) -- C:\Users\sifu yoda\AppData\Roaming\DataSafeDotNet.exe
[2009/07/25 05:23:00 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2009/07/23 15:59:11 | 00,001,368 | ---- | M] () -- C:\Users\sifu yoda\Desktop\Play Games.lnk
[2009/07/22 19:00:26 | 00,009,524 | -HS- | M] () -- C:\Users\sifu yoda\Documents\AlbumArt_{A37B7A1A-2FAE-4EE8-85C2-0A8CE1A77176}_Large.jpg
[2009/07/22 19:00:26 | 00,002,505 | -HS- | M] () -- C:\Users\sifu yoda\Documents\AlbumArt_{A37B7A1A-2FAE-4EE8-85C2-0A8CE1A77176}_Small.jpg
[2009/07/21 17:11:15 | 01,146,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2009/07/21 17:11:04 | 01,484,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\urlmon.dll
[2009/07/21 17:09:54 | 00,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2009/07/21 17:07:37 | 09,233,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.dll
[2009/07/21 17:07:34 | 00,700,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2009/07/21 17:07:34 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009/07/21 17:06:56 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsproxy.dll
[2009/07/21 17:06:48 | 01,538,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2009/07/21 17:06:31 | 02,334,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2009/07/21 17:06:31 | 00,219,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2009/07/21 17:06:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2009/07/21 17:06:31 | 00,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2009/07/21 17:06:30 | 12,458,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieframe.dll
[2009/07/21 17:06:30 | 00,252,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2009/07/21 17:06:30 | 00,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2009/07/21 17:06:27 | 00,458,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2009/07/21 16:52:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2009/07/21 16:52:13 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\urlmon.dll
[2009/07/21 16:50:46 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2009/07/21 16:48:31 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.dll
[2009/07/21 16:48:27 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2009/07/21 16:48:27 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009/07/21 16:47:47 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsproxy.dll
[2009/07/21 16:47:41 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2009/07/21 16:47:28 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2009/07/21 16:47:28 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2009/07/21 16:47:27 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iertutil.dll
[2009/07/21 16:47:27 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2009/07/21 16:47:26 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieframe.dll
[2009/07/21 16:47:26 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2009/07/21 16:47:26 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2009/07/21 16:47:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2009/07/21 15:34:53 | 00,162,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2009/07/21 15:34:41 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2009/07/21 15:34:12 | 00,012,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2009/07/21 15:34:00 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtml.tlb
[2009/07/21 15:13:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2009/07/21 15:13:51 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2009/07/21 15:13:15 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2009/07/21 15:12:49 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtml.tlb
[2009/07/21 14:09:32 | 00,057,667 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2009/07/21 13:31:43 | 00,057,667 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2009/07/17 20:25:43 | 00,000,792 | ---- | M] () -- C:\Users\sifu yoda\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RCA Detective.lnk
[2009/07/17 20:25:42 | 00,000,704 | ---- | M] () -- C:\Users\sifu yoda\Desktop\RCA easyRip.lnk
[2009/07/17 19:22:49 | 02,831,816 | ---- | M] (RCA ) -- C:\Users\sifu yoda\Desktop\PEARL_066F_85A9_0_1420_SIG.EXE
[2009/07/17 06:50:02 | 00,272,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2009/07/14 17:17:04 | 15,308,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xlive.dll
[2009/07/14 17:17:04 | 13,642,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\xlivefnt.dll
[2009/07/14 17:15:00 | 00,178,432 | ---- | M] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009/07/13 17:50:22 | 04,045,979 | ---- | M] () -- C:\Users\sifu yoda\Documents\Gloria (Sound Check).wma
[2009/07/13 13:36:34 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009/07/13 13:36:14 | 00,022,040 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009/07/11 20:28:09 | 00,001,377 | ---- | M] () -- C:\Users\sifu yoda\Desktop\User_Manual_English_Pearl.pdf.lnk
[2009/07/11 18:42:33 | 00,078,082 | ---- | M] () -- C:\Users\sifu yoda\Desktop\cports-x64.zip
[2009/07/11 16:21:01 | 00,000,139 | ---- | M] () -- C:\Users\sifu yoda\Desktop\IObit Freeware.url
[2009/07/09 21:15:28 | 79,969,552 | ---- | M] () -- C:\Users\sifu yoda\Desktop\CIS_Setup_3.10.102363.531_XP_Vista_x64.exe
[2009/07/09 17:19:46 | 00,001,058 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 124 bytes -> C:\Windows\SysWow64\zlib.dll:SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\Windows\SysWow64\zlib.dll:DocumentSummaryInformation
< End of report >


Extras.Txt

OTL Extras logfile created on: 8/7/2009 7:37:22 PM - Run 1
OTL by OldTimer - Version 3.0.10.4 Folder = C:\Users\sifu yoda\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.54 Gb Available Physical Memory | 63.53% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 450.70 Gb Total Space | 342.95 Gb Free Space | 76.09% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 7.26 Gb Free Space | 48.42% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1.63 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 17.59 Mb Total Space | 17.31 Mb Free Space | 98.38% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SIFUYODA-PC
Current User Name: sifu yoda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data]
"VistaSp2" = 71 76 1F 8F D9 F7 C9 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{5A606E18-D312-41D1-A65F-6704B9C297B7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A5717D80-476D-4B03-8FA6-B06E0F4FB83F}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14572CAD-170D-4781-992A-73FBC3A34ADA}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dms\clmsservice.exe |
"{23953885-6C04-4E63-A8E9-4CC8A87AC1AF}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{26908B2A-0226-426A-970D-1D1F87310AAB}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{395E6DBD-FB87-4134-BD04-BF5B1FBD428A}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{3BA90F5F-F544-4CE6-8715-C85FA71565A5}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{3F7DD65C-4F06-4AAD-AE77-F446A33CB39A}" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{4AC62C47-F9E3-4E52-B552-8D7B63ECCB64}" = dir=in | app=c:\program files (x86)\dell\mediadirect\mediadirect.exe |
"{61BFE272-8B8D-411A-ACBD-3E5301826B18}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6A456C0C-D7F9-495D-B44B-2A6F0810B5A7}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{6C4648EC-31EA-4C21-8DA1-78E67878F2AD}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{72D9CF0B-0786-4725-B414-B112266FB5E1}" = dir=in | app=c:\program files (x86)\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{811D7617-DB59-4276-9539-6892C6F2AC18}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{81AD7364-1581-4AE4-A71B-09DA83B0F0D4}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{88EB426E-0974-4640-BCF7-ED90AD9BBFE2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{9C39449F-2287-44F2-8137-EE6D5B07B355}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{ACD1204A-7742-463B-8D82-338A5DA1B910}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{B59D8C05-F627-4B07-9DFD-951DE57E52AA}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{BFC4CBF8-F971-47BB-9791-93A7B6793F78}" = dir=in | app=c:\program files (x86)\dell\mediadirect\pcmservice.exe |
"{CEB25678-0200-4431-A0BA-4144065DA846}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"TCP Query User{3EDF7AB6-92CC-4FD0-8380-759CE88CE3C8}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"TCP Query User{BD45FB9B-FC89-4945-8AC6-464C7D048A83}C:\users\sifu yoda\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\sifu yoda\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{CC2615C6-30A9-4A81-971A-7A056A7FB0EE}C:\users\sifu yoda\program files (x86)\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\sifu yoda\program files (x86)\dna\btdna.exe |
"TCP Query User{F9DCA8A8-0323-4F17-A21E-E2F2DEC2C87C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{165508E8-6B4F-421D-A5DA-DE035037F816}C:\users\sifu yoda\program files (x86)\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\sifu yoda\program files (x86)\dna\btdna.exe |
"UDP Query User{4A47FF12-5FEB-4E2A-9388-0D2BB40654F0}C:\users\sifu yoda\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\sifu yoda\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{951C363E-09D0-42ED-828A-6220DD105E7D}C:\program files (x86)\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tvuplayer\tvuplayer.exe |
"UDP Query User{A8460AE3-C55D-4FA0-AE57-AFF4611CAE08}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D3BAD4-28ED-4EF2-A369-D148A240D0B3}" = Foxit PDF IFilter
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java™ 6 Update 15 (64-bit)
"{838F7AB2-5DFE-60B3-1030-43ACC3454CD2}" = ccc-utility64
"{88EB92AB-ABD3-E13C-3AEE-B7518354B55A}" = ATI Catalyst Install Manager
"{8AB5E15C-BDCB-7A93-9DBF-19C2DF39D0C7}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AE303591-1BFC-48B3-881B-655298C4EDE0}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}" = Bonjour
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{020D8396-D6D9-4B53-A9A1-83C47E2E27AA}" = Windows Live Call
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0DB1C665-97DD-F405-1D03-60ED1DA95510}" = Catalyst Control Center Graphics Previews Vista
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2B4C7E1E-E446-4740-ADB5-9842E742EE8A}" = Windows Live Toolbar
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3EA5D881-A648-B489-F113-3A7D99EC936F}" = Catalyst Control Center InstallProxy
"{3FE799B6-6493-AD47-A5FA-F3FE144C7EF0}" = Catalyst Control Center HydraVision Full
"{49BF48CC-ABB6-4795-9B35-B5DE005D8612}" = Pinnacle Game Profiler
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5E0322C6-8CA9-A4BD-E9DC-CC8D8E7CB99E}" = Catalyst Control Center Graphics Previews Common
"{5F06BE49-28E6-771F-A57A-7AC8C97F38E1}" = Catalyst Control Center Core Implementation
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{75C89AB1-F888-6B0B-6BB4-A06ED4BDDFC0}" = Catalyst Control Center Graphics Full Existing
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7D21905A-5DB7-2F4C-4E97-80F352D2C3A9}" = Catalyst Control Center Graphics Previews Vista
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8214D5AF-8BA8-3551-A859-5EBDBD30D2FA}" = Catalyst Control Center Core Implementation
"{8380D40E-291B-144A-554F-4877F4B439DB}" = Catalyst Control Center InstallProxy
"{85693740-CB33-8E46-D05A-22EEAC2C14C3}" = Catalyst Control Center Graphics Full New
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A0D9C6B-ACB8-738E-2D1A-B437E2CF36B6}" = Catalyst Control Center Graphics Full Existing
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91155C7C-3404-C96D-78DA-E1D6AF73F6DA}" = Catalyst Control Center Graphics Full New
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A0422738-2E4A-B01F-D19E-ED0379A3C3CC}" = CCC Help English
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B45FABE7-D101-4D99-A671-E16DA40AF7F0}" = Microsoft Games for Windows - LIVE
"{B471481F-8743-85EF-B551-45ED91BEEE76}" = Catalyst Control Center Graphics Previews Common
"{B578C85A-A84C-4230-A177-C5B2AF565B8C}" = Microsoft Games for Windows - LIVE Redistributable
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C874DC88-F5E2-D566-2880-22A2FDA0C69C}" = CCC Help English
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{D259350E-936C-C6C0-5FDF-B6B4B95731ED}" = Catalyst Control Center Graphics Light
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D9D754A1-EAC5-406C-A28B-C49B1E846711}" = Windows Live Essentials
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E96A2C11-1139-7A34-C529-4D21832A34F6}" = Catalyst Control Center Graphics Light
"{EB2340D4-21DF-54B3-4C52-6C4F4B19F46D}" = ccc-core-static
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F73A5B18-EB75-4B2C-B32D-9457576E2417}" = Windows Live Photo Gallery
"{FDD810CA-D5E3-40E9-AB7B-36440B0D41EF}" = Windows Live Sync
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"avast!" = avast! Antivirus
"Belarc Advisor" = Belarc Advisor 7.2
"Dell Video Chat" = Dell Video Chat (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"Foxit Reader" = Foxit Reader
"Free Sound Recorder_is1" = Free Sound Recorder v7.9.1
"Game Booster_is1" = Game Booster
"Google Updater" = Google Updater
"KeyScrambler" = KeyScrambler
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Philips Wireless PC Controller" = Philips Wireless PC Controller
"RCA Detective™_is1" = RCA Detective™ 2.0.0.99
"RCA easyRip_is1" = RCA easyRip 2.1.7.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"SystemRequirementsLab" = System Requirements Lab
"TVUPlayer" = TVUPlayer 2.4.5.3
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 8/7/2009 5:33:24 PM | Computer Name = sifuyoda-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\sifu yoda\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E180131F-8399-11DE-8A03-00219B216781}.dat
failed, 00000005.

Error - 8/7/2009 7:34:48 PM | Computer Name = sifuyoda-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\sifu yoda\AppData\Local\Temp\~DF72D5.tmp failed, 00000005.

Error - 8/7/2009 7:50:28 PM | Computer Name = sifuyoda-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 8/7/2009 7:50:28 PM | Computer Name = sifuyoda-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 8/7/2009 7:50:28 PM | Computer Name = sifuyoda-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 8/7/2009 7:50:28 PM | Computer Name = sifuyoda-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 8/7/2009 7:50:28 PM | Computer Name = sifuyoda-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 8/7/2009 7:50:30 PM | Computer Name = sifuyoda-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: unhandled exception!,
7C3A497A.

Error - 8/7/2009 7:50:52 PM | Computer Name = sifuyoda-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: Aavm: FetchGlobalCounters cannot open mapping
- server DOWN???, 00000002.

Error - 8/7/2009 8:37:36 PM | Computer Name = sifuyoda-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Users\sifu yoda\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{CF021236-83B1-11DE-AC5A-00219B216781}.dat
failed, 00000005.

[ Application Events ]
Error - 7/24/2009 3:39:32 PM | Computer Name = sifuyoda-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/24/2009 3:39:56 PM | Computer Name = sifuyoda-PC | Source = System Restore | ID = 8193
Description =

Error - 7/24/2009 4:33:31 PM | Computer Name = sifuyoda-PC | Source = Application Hang | ID = 1002
Description = The program Fallout3.exe version 1.6.0.3 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1508 Start Time: 01ca0c9c393764d7 Termination Time: 69

Error - 7/24/2009 4:43:34 PM | Computer Name = sifuyoda-PC | Source = WinMgmt | ID = 10
Description =

Error - 7/24/2009 8:42:59 PM | Computer Name = sifuyoda-PC | Source = Application Hang | ID = 1002
Description = The program Fallout3.exe version 1.6.0.3 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 13f4 Start Time: 01ca0c9fb0bb1585 Termination Time: 217

Error - 7/25/2009 6:28:26 AM | Computer Name = sifuyoda-PC | Source = Application Error | ID = 1000
Description = Faulting application SearchIndexer.exe, version 7.0.6002.18005, time
stamp 0x49e03333, faulting module TQUERY.DLL, version 7.0.6002.18005, time stamp
0x49e0422e, exception code 0xc0000005, fault offset 0x0000000000141be1, process
id 0x9a0, application start time 0x01ca0c9f3be40325.

Error - 7/25/2009 6:39:56 AM | Computer Name = sifuyoda-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18702 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 105c Start Time: 01ca0d104860b0f5 Termination Time: 0

Error - 7/26/2009 4:00:43 AM | Computer Name = sifuyoda-PC | Source = System Restore | ID = 8193
Description =

Error - 7/26/2009 4:00:51 AM | Computer Name = sifuyoda-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 7/26/2009 1:19:26 PM | Computer Name = sifuyoda-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 6/20/2009 8:57:02 PM | Computer Name = sifuyoda-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 6/20/2009 8:57:16 PM | Computer Name = sifuyoda-PC | Source = HTTP | ID = 15016
Description =

Error - 6/20/2009 9:31:31 PM | Computer Name = sifuyoda-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 6/20/2009 10:10:26 PM | Computer Name = sifuyoda-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 6/20/2009 10:10:38 PM | Computer Name = sifuyoda-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 6/20/2009 10:11:08 PM | Computer Name = sifuyoda-PC | Source = HTTP | ID = 15016
Description =

Error - 6/22/2009 1:43:03 PM | Computer Name = sifuyoda-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 6/22/2009 1:43:18 PM | Computer Name = sifuyoda-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 12:41:32 PM on 6/22/2009 was unexpected.

Error - 6/22/2009 1:43:14 PM | Computer Name = sifuyoda-PC | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 6/22/2009 1:43:25 PM | Computer Name = sifuyoda-PC | Source = HTTP | ID = 15016
Description =


< End of report >

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:07:26 PM

Posted 08 August 2009 - 05:18 PM

Hi ozhawk,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

I will be back soon with the first instructions.

Thanks :thumbup2:
m0le is a proud member of UNITE

#7 m0le

Posted 08 August 2009 - 05:35 PM

Hi ozhawk,

There is nothing visible in the OTL logs.

Let's run a few scans and see what we can find.

We need to scan for Rootkits with GMER
  • Please download GMER from one of the following locations, and save it to your desktop, please rename it as gamer.exe.
    • Main Mirror
      This version will download a randomly named file (Recommended)
    • Zip Mirror
      This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Close any and all open programs, as this process may crash your computer.
  • Double click [image] or [image] on your desktop.
  • Allow the gmer.sys driver to load if asked.
  • You may see this window. If you do, click No.
    [image]
  • Click on [image] and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push [image] and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.


Let's also run this

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks :thumbup2:

#8 ozhawk

Posted 08 August 2009 - 11:17 PM

Hi. I didn't know that it would cause problems, but I downloaded the new version of Keyscrambler and reloaded Pinnacle since doing the above scans. Let me know if I need to start from scratch. If I do I will resend all of the reports.

GMER's Log file was completely blank (no entries)

Here is the Malwarebytes logfile (I have two others if you need them)

Malwarebytes' Anti-Malware 1.40
Database version: 2583
Windows 6.0.6002 Service Pack 2

8/8/2009 10:32:40 PM
mbam-log-2009-08-08 (22-32-40).txt

Scan type: Full Scan (C:\|D:\|F:\|G:\|)
Objects scanned: 259793
Time elapsed: 37 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Many Thanks

#9 m0le

Posted 09 August 2009 - 12:14 PM

You may be having problems but so far they aren't malware problems.

I would like to run an online scan and see if we have infected files here.

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]
Let's see what it finds :thumbup2:

#10 ozhawk

Posted 11 August 2009 - 08:07 PM

Here it is:

C:\Users\sifu yoda\AppData\Local\Citrix\GoToAssist\GoToAssist_phone_application_516_en.exe probably unknown NewHeur_PE virus deleted - quarantined

Thanks
ozhawk

#11 m0le

Posted 12 August 2009 - 02:10 PM

One infected file. :thumbup2:

How is the PC running now? What are the problems that you are still encountering?

#12 m0le

Posted 15 August 2009 - 06:59 PM

Hi ozhawk,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open.

If you like you can PM me.

Thanks,


m0le

#13 m0le

Posted 16 August 2009 - 02:13 PM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :thumbup2:

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.