NT Authority System Shutdown In 60 Seconds Help


  • This topic is locked
12 replies to this topic

#1 wildunc1

wildunc1

  • Members
  • 8 posts

Posted 01 October 2009 - 04:30 PM

I have had this problem for some time. McAfee didn't catch it and now my Windows Installer is corrupted. I just ran "hijackthis" and have included the report below. Any help would be great.
My computer is a Dell Inspiron 9100, XP (completely updated), IE8. Just about every other startup I get the box pop up that says "NT Authority\System has had an error and will shut down in 60 seconds". I then go to Start, Run, Shutdown -a. This stops the shutdown. I should have done something before now but I haven't needed to install anything new until now. I just purchased a new printer/scanner and cannot install the software.
Thanks
Troy

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:00 PM, on 10/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: WebCGMHlprObj Class - {56B38F40-4E70-11d4-A076-0080AD86BA2F} - C:\WINDOWS\system32\cgmopenbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" -"http://theclonewars.cartoonnetwork.com/games/game_02.html"
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} (ScrabbleCubes Control) - http://www.worldwinner.com/games/v47/scrab...rabblecubes.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v47/share...GamesLoader.cab
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://D:\components\Liquid.ocx
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file://D:\components\hidinputmonitorx.ocx
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} (SolitaireRush Control) - http://www.worldwinner.com/games/v47/solit...litairerush.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file://D:\components\A9.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co.../x86/client/wuweb_site.cab?1094693786660
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...86/client/muweb_site.cab?1145839828688
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinner.com/games/v57/wof/wof.cab
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} (SwapIt Control) - http://www.worldwinner.com/games/v67/swapit/swapit.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...o.cab102118.cab
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} (Royal Control) - http://www.worldwinner.com/games/v45/royal/royal.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 12982 bytes


#2 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 02 October 2009 - 09:41 AM

Hi wildunc1,



Welcome to BleepingComputer HijackThis Logs and Malware Removal, :(
My name is sundavis, I will be helping you to deal with your Malware problems today.

Uncheck Word Wrap under the Format menu in the log before proceeding to copy/paste logs into this thread.

If you have the shutdown problem, you may use the Shutdown -a command or make a bat file for when the system pops up the system shutdown warning. Launch your Notepad and copy/paste the content of the code box into it.

@shutdown -a
Save this as remove.bat. Choose to save as "All files" and place it on your desktop. It should look like this: [image]

Double-click it while the system warning is present. It will stop the shutdown process; then run the programs as instructed as follows:


Step1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double-click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done, click on the [Save..] button, and in the File name area, type in "Gmer.txt", and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Step2

Please download Malwarebytes' Anti-Malware from Here or Here
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step3

Please go to Here and Download System Repair Engine by smallfrogs

  • Extract it to Desktop & double click SREng.exe to run it
  • Select 'Smart Scan' & tick "Verify the digital signatures of process modules"
  • Click on the Scan button
  • Before scanning the computer, Close all browsers and other programs except SREng.
  • When finished, click on the Save Reports button & save the log to Desktop
  • You can refer to this thread for your reference.


In your next reply, please post back:


1. GMER log
2. MBAM log
3. SREng log

Thanks.
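
Why the Word Wrap request in post #2 matters, as an added example that is not part of the original posts: a short Python triage script that rejoins a word-wrapped HijackThis log like the one in post #1 and lists the entries carrying HijackThis's own "(no file)", "(file missing)" or "Unknown owner" markers. The sample log is constructed from five entries in post #1, the function names are hypothetical, and fragments are rejoined with a single space, so a break in the middle of a token (as in the wrapped Windows Update URL) cannot be recovered.

```python
import re

# HijackThis entries start with a section code: "R0 - ", "O4 - ", "O23 - ", ...
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")

# Strings HijackThis itself prints when a registered component has no backing
# file or no vendor string. They mark entries to review, not confirmed malware.
REVIEW_MARKERS = ("(no file)", "(file missing)", "Unknown owner")

# Constructed sample: five entries taken from post #1 in their wrapped shape.
SAMPLE_WRAPPED = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

Files\Java\jre6\bin\jusched.exe"
O23 - Service: DSBrokerService - Unknown owner - C:\Program

Files\DellSupport\brkrsvc.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Unknown owner -

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe

(file missing)

--
End of file - 12982 bytes
"""


def unwrap(text):
    """Rejoin wrapped fragments onto the entry line they continue.

    Header lines before the first entry are skipped, and the "--" trailer
    ends the log. Fragments are joined with one space (an assumption: a break
    inside a token would need no space, and the log does not say which it was).
    """
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines left behind by the wrapping
        if line == "--" or line.startswith("End of file"):
            break
        if ENTRY_RE.match(line):
            entries.append(line)
        elif entries:
            entries[-1] += " " + line
    return entries


def markers_in(lines):
    """Return (code, body, markers) for every entry line with a review marker."""
    found = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue  # not an entry line (header, or an unjoined fragment)
        hits = [k for k in REVIEW_MARKERS if k in m["body"]]
        if hits:
            found.append((m["code"], m["body"], hits))
    return found


def triage(text):
    """Unwrap first, then look for markers on the complete entries."""
    return markers_in(unwrap(text))


def naive_triage(text):
    """Line-by-line scan of the wrapped text, shown for comparison only."""
    return markers_in(text.splitlines())


if __name__ == "__main__":
    for code, body, hits in triage(SAMPLE_WRAPPED):
        print(f"{code:>3}  {', '.join(hits):<30} {body}")
    missed = (sum(len(h) for _, _, h in triage(SAMPLE_WRAPPED))
              - sum(len(h) for _, _, h in naive_triage(SAMPLE_WRAPPED)))
    print(f"markers missed without unwrapping: {missed}")
```

On the sample, the line-by-line scan still sees the RoxLiveShare9 service as "Unknown owner" but loses its "(file missing)" marker, because wrapping pushed that marker onto a line of its own.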

#3 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 06 October 2009 - 02:12 AM

Due to Lack of feedback, this topic is now Closed.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

#4 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 06 October 2009 - 06:08 PM

Reopen as OP requested.

#5 wildunc1

wildunc1
  • Topic Starter

  • Members
  • 8 posts

Posted 06 October 2009 - 06:40 PM

Here are all three reports. Thanks for the help.

GMER

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-06 05:17:43
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Troy\LOCALS~1\Temp\pxtyqpob.sys


---- System - GMER 1.0.15 ----

SSDT 86D41A00 ZwEnumerateValueKey

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 86D3DAD0
Device \FileSystem\Mup \Dfs 86D3DAD0
Device \FileSystem\NetBIOS \Device\Netbios 86D3DAD0

AttachedDevice \Driver\Tcpip \Device\Ip 86D40410

Device \FileSystem\RAW \Device\RawTape 86D3DAD0

AttachedDevice \Driver\Tcpip \Device\Tcp 86D40410
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \Driver\AvgTdiX \Device\AvgTdi 86D40410
Device \FileSystem\AvgMfx86 \Device\Avg7Rs 86D3DAD0
Device \FileSystem\Rdbss \Device\FsWrap 86D3DAD0
Device \FileSystem\Mup \Device\Mup 86D3DAD0

AttachedDevice \Driver\Tcpip \Device\Udp 86D40410
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp 86D40410
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)

Device \FileSystem\RAW \Device\RawDisk 86D3DAD0
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 86D3DAD0
Device \FileSystem\MRxSmb \Device\LanmanRedirector 86D3DAD0
Device \FileSystem\Npfs \Device\NamedPipe 86D3DAD0
Device \FileSystem\Msfs \Device\Mailslot 86D3DAD0
Device \FileSystem\RAW \Device\RawCdRom 86D3DAD0
Device \FileSystem\Mup \Device\WinDfs\Root 86D3DAD0
Device \FileSystem\Fastfat \Fat A74C9D20

AttachedDevice \FileSystem\Fastfat \Fat 86D3DAD0
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 86D3DAD0
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 86D3DAD0
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 86D3DAD0
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 86D3DAD0
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 86D3DAD0

---- Threads - GMER 1.0.15 ----

Thread System [4:484] 86D41690

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@PromoReg C:\WINDOWS\System32\svchost.exe
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\Backup 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\Backup\new 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\Backup\new\contacts.edb 2121728 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\Backup\new\contacts.pat 16384 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\Backup\new\edb00001.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\contacts.edb 2113536 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\contacts.pat 16384 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\dbstore.ini 174 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\edb.chk 8192 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\LogFiles 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\LogFiles\edb.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\LogFiles\edb00001.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\LogFiles\res1.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{8021dc26-c232-42cf-92fd-3260a9aa1732}\DBStore\LogFiles\res2.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{94bdba0f-ef15-48da-a5aa-6173efa0de1f}\DBStore 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{94bdba0f-ef15-48da-a5aa-6173efa0de1f}\DBStore\contacts.edb 2113536 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{94bdba0f-ef15-48da-a5aa-6173efa0de1f}\DBStore\dbstore.ini 47 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{94bdba0f-ef15-48da-a5aa-6173efa0de1f}\DBStore\edb.chk 8192 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{94bdba0f-ef15-48da-a5aa-6173efa0de1f}\DBStore\LogFiles 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{94bdba0f-ef15-48da-a5aa-6173efa0de1f}\DBStore\LogFiles\edb.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{94bdba0f-ef15-48da-a5aa-6173efa0de1f}\DBStore\LogFiles\edbtmp.log 1048576 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{94bdba0f-ef15-48da-a5aa-6173efa0de1f}\DBStore\LogFiles\res1.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{94bdba0f-ef15-48da-a5aa-6173efa0de1f}\DBStore\LogFiles\res2.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{94bdba0f-ef15-48da-a5aa-6173efa0de1f}\DBStore\tempedb.edb 131072 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\Backup 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\Backup\new 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\Backup\new\contacts.edb 2121728 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\Backup\new\contacts.pat 16384 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\Backup\new\edb00001.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\contacts.edb 2113536 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\contacts.pat 16384 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\dbstore.ini 137 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\edb.chk 8192 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\LogFiles 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\LogFiles\edb.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\LogFiles\edb00001.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\LogFiles\res1.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{bf39f470-af36-43dd-a429-aa790c3007c9}\DBStore\LogFiles\res2.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{cb07a25f-6b20-4e57-91e3-4a7652e0177a}\DBStore 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{cb07a25f-6b20-4e57-91e3-4a7652e0177a}\DBStore\contacts.edb 2113536 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{cb07a25f-6b20-4e57-91e3-4a7652e0177a}\DBStore\dbstore.ini 47 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{cb07a25f-6b20-4e57-91e3-4a7652e0177a}\DBStore\edb.chk 8192 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{cb07a25f-6b20-4e57-91e3-4a7652e0177a}\DBStore\LogFiles 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{cb07a25f-6b20-4e57-91e3-4a7652e0177a}\DBStore\LogFiles\edb.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{cb07a25f-6b20-4e57-91e3-4a7652e0177a}\DBStore\LogFiles\edbtmp.log 1048576 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{cb07a25f-6b20-4e57-91e3-4a7652e0177a}\DBStore\LogFiles\res1.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{cb07a25f-6b20-4e57-91e3-4a7652e0177a}\DBStore\LogFiles\res2.log 4194304 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Live Contacts\{cb07a25f-6b20-4e57-91e3-4a7652e0177a}\DBStore\tempedb.edb 131072 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Media\10.0 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD 498 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\7e315c11-dcd2-4ac1-bfda-33bd4bcd70ab.22 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\7e315c11-dcd2-4ac1-bfda-33bd4bcd70ab.22\7e315c11-dcd2-4ac1-bfda-33bd4bcd70ab.22.xml 3597 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\7e315c11-dcd2-4ac1-bfda-33bd4bcd70ab.22\composite.cab 4109 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\7e315c11-dcd2-4ac1-bfda-33bd4bcd70ab.22\resources.html 10067 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\7e315c11-dcd2-4ac1-bfda-33bd4bcd70ab.22\script.htm 2778 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\84707c77-f12e-4afb-9110-0379c2aa26c6.28 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\84707c77-f12e-4afb-9110-0379c2aa26c6.28\84707c77-f12e-4afb-9110-0379c2aa26c6.28.xml 3279 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\84707c77-f12e-4afb-9110-0379c2aa26c6.28\composite.cab 3162 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\84707c77-f12e-4afb-9110-0379c2aa26c6.28\resources.html 10523 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\84707c77-f12e-4afb-9110-0379c2aa26c6.28\script.htm 2723 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\8a412eb0-0619-4348-90d7-b3be69c1fb05.29 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\8a412eb0-0619-4348-90d7-b3be69c1fb05.29\8a412eb0-0619-4348-90d7-b3be69c1fb05.29.xml 3666 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\8a412eb0-0619-4348-90d7-b3be69c1fb05.29\composite.cab 4120 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\8a412eb0-0619-4348-90d7-b3be69c1fb05.29\resources.html 10543 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\8a412eb0-0619-4348-90d7-b3be69c1fb05.29\script.htm 2806 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\9cf6fa4e-2571-4c9f-a28c-0b435baaa7ed.27 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\9cf6fa4e-2571-4c9f-a28c-0b435baaa7ed.27\9cf6fa4e-2571-4c9f-a28c-0b435baaa7ed.27.xml 3459 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\9cf6fa4e-2571-4c9f-a28c-0b435baaa7ed.27\composite.cab 9707 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\9cf6fa4e-2571-4c9f-a28c-0b435baaa7ed.27\resources.html 11571 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\9cf6fa4e-2571-4c9f-a28c-0b435baaa7ed.27\script.htm 3012 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\a610934b-54cc-4708-bc03-f35c73b473dd.35 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\a610934b-54cc-4708-bc03-f35c73b473dd.35\a610934b-54cc-4708-bc03-f35c73b473dd.35.xml 3555 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\a610934b-54cc-4708-bc03-f35c73b473dd.35\composite.cab 4080 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\a610934b-54cc-4708-bc03-f35c73b473dd.35\resources.html 8647 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\a610934b-54cc-4708-bc03-f35c73b473dd.35\script.htm 2766 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\a7f85cdc-fbdd-4e70-a9d7-6b784fa7c207.28 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\a7f85cdc-fbdd-4e70-a9d7-6b784fa7c207.28\a7f85cdc-fbdd-4e70-a9d7-6b784fa7c207.28.xml 3641 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\a7f85cdc-fbdd-4e70-a9d7-6b784fa7c207.28\composite.cab 4538 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\a7f85cdc-fbdd-4e70-a9d7-6b784fa7c207.28\resources.html 9974 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\a7f85cdc-fbdd-4e70-a9d7-6b784fa7c207.28\script.htm 3110 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\b9051942-145f-43bd-8697-43a01a164266.26 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\b9051942-145f-43bd-8697-43a01a164266.26\b9051942-145f-43bd-8697-43a01a164266.26.xml 3637 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\b9051942-145f-43bd-8697-43a01a164266.26\composite.cab 4516 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\b9051942-145f-43bd-8697-43a01a164266.26\resources.html 9213 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\b9051942-145f-43bd-8697-43a01a164266.26\script.htm 3061 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c22c3faa-49fd-49e0-93e2-8522a0774de0.35 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c22c3faa-49fd-49e0-93e2-8522a0774de0.35\c22c3faa-49fd-49e0-93e2-8522a0774de0.35.xml 3555 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c22c3faa-49fd-49e0-93e2-8522a0774de0.35\composite.cab 4080 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c22c3faa-49fd-49e0-93e2-8522a0774de0.35\resources.html 8576 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c22c3faa-49fd-49e0-93e2-8522a0774de0.35\script.htm 2766 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c2a29689-d7fb-4bc7-88e5-c7f60269b0e2.20 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c2a29689-d7fb-4bc7-88e5-c7f60269b0e2.20\c2a29689-d7fb-4bc7-88e5-c7f60269b0e2.20.xml 3895 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c2a29689-d7fb-4bc7-88e5-c7f60269b0e2.20\composite.cab 4112 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c2a29689-d7fb-4bc7-88e5-c7f60269b0e2.20\resources.html 15502 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c2a29689-d7fb-4bc7-88e5-c7f60269b0e2.20\script.htm 2794 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d00dcb99-192d-4625-9d3c-157741cd9c6b.30 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d00dcb99-192d-4625-9d3c-157741cd9c6b.30\composite.cab 4538 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d00dcb99-192d-4625-9d3c-157741cd9c6b.30\d00dcb99-192d-4625-9d3c-157741cd9c6b.30.xml 3619 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d00dcb99-192d-4625-9d3c-157741cd9c6b.30\resources.html 9782 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d00dcb99-192d-4625-9d3c-157741cd9c6b.30\script.htm 3112 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d06570f9-8fef-48f2-b62a-a6783f2d095e.4 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d06570f9-8fef-48f2-b62a-a6783f2d095e.4\composite.cab 1302 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d06570f9-8fef-48f2-b62a-a6783f2d095e.4\d06570f9-8fef-48f2-b62a-a6783f2d095e.4.xml 3707 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d06570f9-8fef-48f2-b62a-a6783f2d095e.4\resources.html 770 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d06570f9-8fef-48f2-b62a-a6783f2d095e.4\script.htm 151 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c0dd1d1f-c77a-4e40-8f22-5a4a9ff2c85e.31 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c0dd1d1f-c77a-4e40-8f22-5a4a9ff2c85e.31\c0dd1d1f-c77a-4e40-8f22-5a4a9ff2c85e.31.xml 3688 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c0dd1d1f-c77a-4e40-8f22-5a4a9ff2c85e.31\composite.cab 4136 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c0dd1d1f-c77a-4e40-8f22-5a4a9ff2c85e.31\resources.html 10539 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\c0dd1d1f-c77a-4e40-8f22-5a4a9ff2c85e.31\script.htm 2756 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d2659eee-aa29-47dd-80a0-2c8a611ee92b.25 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d2659eee-aa29-47dd-80a0-2c8a611ee92b.25\composite.cab 4140 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d2659eee-aa29-47dd-80a0-2c8a611ee92b.25\d2659eee-aa29-47dd-80a0-2c8a611ee92b.25.xml 3756 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d2659eee-aa29-47dd-80a0-2c8a611ee92b.25\resources.html 11155 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d2659eee-aa29-47dd-80a0-2c8a611ee92b.25\script.htm 2794 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d3b779ad-ea38-4866-9e25-464884c0a5ae.38 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d3b779ad-ea38-4866-9e25-464884c0a5ae.38\composite.cab 4202 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d3b779ad-ea38-4866-9e25-464884c0a5ae.38\d3b779ad-ea38-4866-9e25-464884c0a5ae.38.xml 3821 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d3b779ad-ea38-4866-9e25-464884c0a5ae.38\resources.html 14062 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d3b779ad-ea38-4866-9e25-464884c0a5ae.38\script.htm 2800 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d4b62664-45bb-47dc-93ab-9647ebb0cd95.26 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d4b62664-45bb-47dc-93ab-9647ebb0cd95.26\composite.cab 3233 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d4b62664-45bb-47dc-93ab-9647ebb0cd95.26\d4b62664-45bb-47dc-93ab-9647ebb0cd95.26.xml 3281 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d4b62664-45bb-47dc-93ab-9647ebb0cd95.26\resources.html 10649 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\d4b62664-45bb-47dc-93ab-9647ebb0cd95.26\script.htm 2764 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\da730663-a7ac-43f8-998b-600d7d486f06.23 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\da730663-a7ac-43f8-998b-600d7d486f06.23\composite.cab 9770 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\da730663-a7ac-43f8-998b-600d7d486f06.23\da730663-a7ac-43f8-998b-600d7d486f06.23.xml 3362 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\da730663-a7ac-43f8-998b-600d7d486f06.23\resources.html 14239 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\da730663-a7ac-43f8-998b-600d7d486f06.23\script.htm 3948 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\df83eb9c-314b-43ad-afee-f27903cf2908.23 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\df83eb9c-314b-43ad-afee-f27903cf2908.23\composite.cab 4124 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\df83eb9c-314b-43ad-afee-f27903cf2908.23\df83eb9c-314b-43ad-afee-f27903cf2908.23.xml 3750 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\df83eb9c-314b-43ad-afee-f27903cf2908.23\resources.html 12143 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\df83eb9c-314b-43ad-afee-f27903cf2908.23\script.htm 2788 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\e08b85ac-28eb-4dd6-85a8-ab43d991d145.36 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\e08b85ac-28eb-4dd6-85a8-ab43d991d145.36\composite.cab 4077 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\e08b85ac-28eb-4dd6-85a8-ab43d991d145.36\e08b85ac-28eb-4dd6-85a8-ab43d991d145.36.xml 3579 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\e08b85ac-28eb-4dd6-85a8-ab43d991d145.36\resources.html 8992 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\e08b85ac-28eb-4dd6-85a8-ab43d991d145.36\script.htm 2764 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\fd45983a-020c-42a3-b0d2-e96b771ccb99.56 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\fd45983a-020c-42a3-b0d2-e96b771ccb99.56\composite.cab 4079 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\fd45983a-020c-42a3-b0d2-e96b771ccb99.56\fd45983a-020c-42a3-b0d2-e96b771ccb99.56.xml 3551 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\fd45983a-020c-42a3-b0d2-e96b771ccb99.56\resources.html 8539 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\fd45983a-020c-42a3-b0d2-e96b771ccb99.56\script.htm 2764 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\4bf48d45-aabb-4c51-a0cb-375cdb332574.32 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\4bf48d45-aabb-4c51-a0cb-375cdb332574.32\4bf48d45-aabb-4c51-a0cb-375cdb332574.32.xml 3281 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\4bf48d45-aabb-4c51-a0cb-375cdb332574.32\composite.cab 3272 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\4bf48d45-aabb-4c51-a0cb-375cdb332574.32\resources.html 10613 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\4bf48d45-aabb-4c51-a0cb-375cdb332574.32\script.htm 2907 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\4e24a6e8-04e4-42c3-9eb3-d59c33dde13e.44 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\4e24a6e8-04e4-42c3-9eb3-d59c33dde13e.44\4e24a6e8-04e4-42c3-9eb3-d59c33dde13e.44.xml 3693 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\4e24a6e8-04e4-42c3-9eb3-d59c33dde13e.44\composite.cab 4573 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\4e24a6e8-04e4-42c3-9eb3-d59c33dde13e.44\resources.html 10244 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\4e24a6e8-04e4-42c3-9eb3-d59c33dde13e.44\script.htm 3158 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\5a319a76-f433-42c4-91a8-798efbceb463.24 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\5a319a76-f433-42c4-91a8-798efbceb463.24\5a319a76-f433-42c4-91a8-798efbceb463.24.xml 3742 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\5a319a76-f433-42c4-91a8-798efbceb463.24\composite.cab 4090 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\5a319a76-f433-42c4-91a8-798efbceb463.24\resources.html 12470 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\30f69b45-d5fd-4eef-87de-1546f615163c\5a319a76-f433-42c4-91a8-798efbceb463.24\script.htm 2770 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\BITA.tmp 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\clientuiconfig.xml 573 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\config.cfg 598 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\default.xml 266533 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\0405e226-a898-4be1-bc31-73bde946402b.2 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\0405e226-a898-4be1-bc31-73bde946402b.2\0405e226-a898-4be1-bc31-73bde946402b.2.xml 2586 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\278725ef-e5df-4cbf-803f-d9cb7d23e674.1 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\278725ef-e5df-4cbf-803f-d9cb7d23e674.1\278725ef-e5df-4cbf-803f-d9cb7d23e674.1.xml 2526 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\3880d774-4435-4be2-b3e7-2e2f99d30e8c.16 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\3880d774-4435-4be2-b3e7-2e2f99d30e8c.16\3880d774-4435-4be2-b3e7-2e2f99d30e8c.16.xml 2574 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\3d62ea7f-fc54-42d9-ac8a-67aeb95b47f4.8 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\3d62ea7f-fc54-42d9-ac8a-67aeb95b47f4.8\3d62ea7f-fc54-42d9-ac8a-67aeb95b47f4.8.xml 2581 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\693c652a-6693-4a7a-b203-65bf08ee2d7d.5 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\693c652a-6693-4a7a-b203-65bf08ee2d7d.5\693c652a-6693-4a7a-b203-65bf08ee2d7d.5.xml 2571 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\77a520c2-cf13-4944-8007-5b95aa4c5ed4.5 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\77a520c2-cf13-4944-8007-5b95aa4c5ed4.5\77a520c2-cf13-4944-8007-5b95aa4c5ed4.5.xml 2496 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\94ee04cd-488f-46c5-b7dd-6a98e7e4c79c.9 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\94ee04cd-488f-46c5-b7dd-6a98e7e4c79c.9\94ee04cd-488f-46c5-b7dd-6a98e7e4c79c.9.xml 2586 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\a6417a0c-3968-45dd-b260-11ea94dc2dcd.4 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\f9cd5860-4b46-43fa-aa04-46ba9e956204\a6417a0c-3968-45dd-b260-11ea94dc2dcd.4\a6417a0c-3968-45dd-b260-11ea94dc2dcd.4.xml 2541 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\folder.xml 39889 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\manifest.xml 814961 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\manifest.zip 111458 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_actionlight 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_actionlight\4231fb6f-8caf-4ea6-90aa-eeaeffbd3ee7.2 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_actionlight\4231fb6f-8caf-4ea6-90aa-eeaeffbd3ee7.2\4231fb6f-8caf-4ea6-90aa-eeaeffbd3ee7.2.xml 2487 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_actionlight\4231fb6f-8caf-4ea6-90aa-eeaeffbd3ee7.2\composite.cab 2246 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_actionlight\4231fb6f-8caf-4ea6-90aa-eeaeffbd3ee7.2\script.htm 2755 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_articlefaq 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_msg 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_msg\messages.xml 1208 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\001f3896-1025-4ab3-87b9-0558891a1f46.6 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\001f3896-1025-4ab3-87b9-0558891a1f46.6\001f3896-1025-4ab3-87b9-0558891a1f46.6.xml 2788 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\001f3896-1025-4ab3-87b9-0558891a1f46.6\OfferDescription.html 198 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\001f3896-1025-4ab3-87b9-0558891a1f46.6\PCTuneup.jpg 4344 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\4b7fc2e4-9e6c-4e93-8eeb-da10d9c170c9.4 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\4b7fc2e4-9e6c-4e93-8eeb-da10d9c170c9.4\4b7fc2e4-9e6c-4e93-8eeb-da10d9c170c9.4.xml 2831 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\4b7fc2e4-9e6c-4e93-8eeb-da10d9c170c9.4\DDS_100x100.gif 4461 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\4b7fc2e4-9e6c-4e93-8eeb-da10d9c170c9.4\OfferDescription.html 79 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\a665dde6-f283-42a0-9e18-5393fe8243f7.9 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\a665dde6-f283-42a0-9e18-5393fe8243f7.9\a665dde6-f283-42a0-9e18-5393fe8243f7.9.xml 2837 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\a665dde6-f283-42a0-9e18-5393fe8243f7.9\DellOnCall_logo_100x100.gif 3939 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\a665dde6-f283-42a0-9e18-5393fe8243f7.9\OfferDescription.html 127 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\e969f148-2193-4a36-adba-7ce570da69fe.6 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\e969f148-2193-4a36-adba-7ce570da69fe.6\Dell_Upgrade_Logo_100x100.gif 2540 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\e969f148-2193-4a36-adba-7ce570da69fe.6\e969f148-2193-4a36-adba-7ce570da69fe.6.xml 2848 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_purchaseoffer\e969f148-2193-4a36-adba-7ce570da69fe.6\OfferDescription.html 129 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\009b9950-b08b-4dd5-99bc-fcd8d70a71c3.1 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\009b9950-b08b-4dd5-99bc-fcd8d70a71c3.1\009b9950-b08b-4dd5-99bc-fcd8d70a71c3.1.xml 2135 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\009b9950-b08b-4dd5-99bc-fcd8d70a71c3.1\wsadvisor_logo_66x57.jpg 3550 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\05007b29-eaa7-419e-9f1e-842e00978f4a.5 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\05007b29-eaa7-419e-9f1e-842e00978f4a.5\05007b29-eaa7-419e-9f1e-842e00978f4a.5.xml 2127 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\05007b29-eaa7-419e-9f1e-842e00978f4a.5\PC_checkup_2.bmp 3126 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\0d45d2be-bc48-4f45-86f3-38572da4303b.2 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\0d45d2be-bc48-4f45-86f3-38572da4303b.2\0d45d2be-bc48-4f45-86f3-38572da4303b.2.xml 2143 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\0d45d2be-bc48-4f45-86f3-38572da4303b.2\Drivers_and_Downloads.gif 2774 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\10700dd7-8be2-434b-acc4-e1eb20401c10.1 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\10700dd7-8be2-434b-acc4-e1eb20401c10.1\10700dd7-8be2-434b-acc4-e1eb20401c10.1.xml 2115 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\10700dd7-8be2-434b-acc4-e1eb20401c10.1\vista_icon_logo.jpg 3346 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\154bd104-b715-42d4-9669-732898771042.1 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\154bd104-b715-42d4-9669-732898771042.1\154bd104-b715-42d4-9669-732898771042.1.xml 2103 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\154bd104-b715-42d4-9669-732898771042.1\router_50x50.jpg 1076 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\15732ab7-fc6e-453f-ac2d-e9f959713b5f.1 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\15732ab7-fc6e-453f-ac2d-e9f959713b5f.1\15732ab7-fc6e-453f-ac2d-e9f959713b5f.1.xml 2076 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\15732ab7-fc6e-453f-ac2d-e9f959713b5f.1\wireframes.xml 203 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\1815beef-a27f-4f1f-bfa3-83749d7751fe.1 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\1b618a3c-9a55-43bc-ad0f-ab68662e3274.3 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\data\sprt_resource\1f7b4bbf-a280-4d37-8a4d-170d8ea22307.2 0 bytes
File C:\Documents and Settings\Cara\Local Settings\Application Data\SupportSoft\DellSupportCenter\Cara\state 0 bytes

---- EOF - GMER 1.0.15 ----

MBAM Log

Malwarebytes' Anti-Malware 1.41
Database version: 2916
Windows 5.1.2600 Service Pack 3

10/6/2009 4:19:57 PM
mbam-log-2009-10-06 (16-19-57).txt

Scan type: Quick Scan
Objects scanned: 128040
Time elapsed: 7 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{56b38f40-4e70-11d4-a076-0080ad86ba2f} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{56b38f40-4e70-11d4-a076-0080ad86ba2f} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\MyID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Application Data\17545464 (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\97555456 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\Temp\TMP18.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\17545464\17545464.glu (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\Documents and Settings\Troy\Application Data\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Troy\Application Data\wiaservg.log (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\cgmopenbho.dll (Trojan.BHO) -> Quarantined and deleted successfully.


SREng Log

2009-10-06,16:31:20

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
	All Boot Items (Including Registry, Startup Folders, Services and so on)
	Browser Add-ons
	Running Processes (Including process model information)
	File Associations
	Winsock Provider
	Autorun.Inf
	HOSTS File
	Process Privileges Scan
	Scheduled Tasks
	Windows Security Update Check
	API HOOK
	Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
	<msnmsgr><"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background>  [(Verified)Microsoft Corporation]
	<WMPNSCFG><C:\Program Files\Windows Media Player\WMPNSCFG.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
	<Shockwave Updater><C:\WINDOWS\SYSTEM32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648)" -"http://theclonewars.cartoonnetwork.com/games/game_02.html">  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
	<BCMSMMSG><BCMSMMSG.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<Apoint><C:\Program Files\Apoint\Apoint.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
	<Dell QuickSet><C:\Program Files\Dell\QuickSet\quickset.exe>  []
	<Dell Wireless Manager UI><C:\WINDOWS\system32\WLTRAY>  [File is missing]
	<ATIPTA><"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe">  [ATI Technologies, Inc.]
	<SunJavaUpdateSched><"C:\Program Files\Java\jre6\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
	<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]
	<AVG8_TRAY><C:\PROGRA~1\AVG\AVG8\avgtray.exe>  [(Verified)AVG Technologies]
	<Malwarebytes Anti-Malware (reboot)><"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript>  [(Verified)Malwarebytes Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
	<Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
	<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
	<UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
	<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{56F9679E-7826-4C84-81F3-532071A8BCC5}><C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll>  [(Verified)Microsoft Windows]
	<{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}><C:\PROGRA~1\WIFD1F~1\MpShHook.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
	<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows]
	<SysTray><C:\WINDOWS\System32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
	<UPnPMonitor><C:\WINDOWS\system32\upnpui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
	<WinlogonNotify: avgrsstarter><avgrsstx.dll>  [(Verified)AVG Technologies]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
	<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
	<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
	<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
	<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\GoToAssist]
	<WinlogonNotify: GoToAssist><C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll>  [(Verified)Citri]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
	<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
	<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
	<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
	<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
	<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
	<WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
	<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
	<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
	<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
	<Internet Explorer Version Update><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
	<Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
	<Browser Customizations><"C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
	<Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
	<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
	<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
	<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
	<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
	<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
	<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
	<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
	<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
	<Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
	<N/A><c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}]
	<Fax><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<19922964><; C:\Documents and Settings\All Users\Application Data\19922964\19922964.exe>  [File is missing]
	<99932956><; C:\Documents and Settings\All Users\Application Data\99932956\99932956.exe>  [File is missing]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><; "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe">  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Broadcom Wireless Manager UI><; C:\WINDOWS\system32\WLTRAY.exe>  [Dell Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<DellSupport><; "C:\Program Files\DellSupport\DSAgnt.exe" /startup>  [(Verified)Dell Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<DellSupportCenter><; "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter>  [(Verified)Dell Inc.]
	<dscactivate><; "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe">  [ ]
	<dvd43><; C:\Program Files\dvd43\dvd43_tray.exe>  []
	<DVDLauncher><; "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe">  [CyberLink Corp.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<DWQueuedReporting><; "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<iTunesHelper><; "C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Inc.]
	<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [File is missing]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<LDM><; C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe>  [Logitech Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Microsoft Works Update Detection><; C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe>  [Microsoft® Corporation]
	<MSKDetectorExe><; C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall>  [McAfee, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<MsnMsgr><; "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<NBKeyScan><; "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe">  [(Verified)Nero AG]
	<NeroFilterCheck><; C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe>  [(Verified)Nero AG]
	<PWRISOVM.EXE><; C:\Program Files\PowerISO\PWRISOVM.EXE>  [PowerISO Computing, Inc.]
	<QuickTime Task><; "C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]
	<RoxWatchTray><; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe">  [File is missing]
	<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>  [RealNetworks, Inc.]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<ttool><; C:\WINDOWS\9129837.exe>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<Windows Defender><; "C:\Program Files\Windows Defender\MSASCui.exe" -hide>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
	<WMPNSCFG><; C:\Program Files\Windows Media Player\WMPNSCFG.exe>  [(Verified)Microsoft Windows Component Publisher]

==================================
Startup Folders
N/A

==================================
Services
[Apple Mobile Device / Apple Mobile Device][Running/Auto Start]
  <"C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"><Apple Inc.>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[AVG Free8 WatchDog / avg8wd][Running/Auto Start]
  <C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe><AVG Technologies CZ, s.r.o.>
[Bonjour Service / Bonjour Service][Running/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Inc.>
[DSBrokerService / DSBrokerService][Stopped/Manual Start]
  <"C:\Program Files\DellSupport\brkrsvc.exe"><>
[GoToAssist / GoToAssist][Stopped/Manual Start]
  <"C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe" Start=service><Citrix Online, a division of Citrix Systems, Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Stopped/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Inc.>
[Java Quick Starter / JavaQuickStarterService][Running/Auto Start]
  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[MSCSPTISRV / MSCSPTISRV][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe"><Sony Corporation>
[MSSQL$MICROSOFTBCM / MSSQL$MICROSOFTBCM][Running/Auto Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -sMICROSOFTBCM><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Nero BackItUp Scheduler 3 / Nero BackItUp Scheduler 3][Running/Auto Start]
  <C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe><Nero AG>
[NICCONFIGSVC / NICCONFIGSVC][Running/Auto Start]
  <C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe><Dell Inc.>
[NMIndexingService / NMIndexingService][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe"><Nero AG>
[PACSPTISVR / PACSPTISVR][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe"><Sony Corporation>
[PLFlash DeviceIoControl Service / PLFlash DeviceIoControl Service][Running/Auto Start]
  <C:\WINDOWS\system32\IoctlSvc.exe><Prolific Technology Inc.>
[LiveShare P2P Server 9 / RoxLiveShare9][Stopped/Auto Start]
  <"C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe"><(File is missing)>
[SolidWorks Licensing Service / SolidWorks Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe"><SolidWorks>
[SupportSoft Sprocket Service (dellsupportcenter) / sprtsvc_dellsupportcenter][Running/Auto Start]
  <C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter><SupportSoft, Inc.>
[Sony SPTI Service / SPTISRV][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe"><Sony Corporation>
[SQLAgent$MICROSOFTBCM / SQLAgent$MICROSOFTBCM][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -i MICROSOFTBCM><Microsoft Corporation>
[Dell Wireless WLAN Tray Service / wltrysvc][Running/Auto Start]
  <C:\WINDOWS\System32\WLTRYSVC.EXE C:\WINDOWS\System32\bcmwltry.exe><N/A>

==================================
Drivers
[AliIde / AliIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[Alps Touch Pad Filter Driver for Windows 2000/XP / ApfiltrService][Running/Manual Start]
  <System32\DRIVERS\Apfiltr.sys><Alps Electric Co., Ltd.>
[APPDRV / APPDRV][Running/System Start]
  <\SystemRoot\SYSTEM32\DRIVERS\APPDRV.SYS><Dell Inc>
[asc / asc][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3550 / asc3550][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ATI Remote Wonder II / ATI Remote Wonder II][Stopped/Disabled]
  <system32\drivers\ATIRWVD.SYS><N/A>
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Free AVI Loader Driver x86 / AvgLdx86][Running/System Start]
  <\SystemRoot\System32\Drivers\avgldx86.sys><AVG Technologies CZ, s.r.o.>
[AVG Free On-access Scanner Minifilter Driver x86 / AvgMfx86][Running/System Start]
  <\SystemRoot\System32\Drivers\avgmfx86.sys><AVG Technologies CZ, s.r.o.>
[AVG Free8 Network Redirector / AvgTdiX][Running/System Start]
  <\SystemRoot\System32\Drivers\avgtdix.sys><AVG Technologies CZ, s.r.o.>
[Dell Wireless WLAN Card Driver / BCM43XX][Running/Manual Start]
  <System32\DRIVERS\bcmwl5.sys><Broadcom Corporation>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <System32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[BCM V.92 56K Modem / BCMModem][Running/Manual Start]
  <System32\DRIVERS\BCMSM.sys><Broadcom Corporation>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[CoachAud / CoachAud][Stopped/Manual Start]
  <system32\DRIVERS\CoachAud.sys><FotoNation Inc.>
[Coach Digital Camera on USB / CoachUsb][Stopped/Manual Start]
  <system32\DRIVERS\CoachUsb.sys><FotoNation Inc.>
[CoachVid / CoachVid][Stopped/Manual Start]
  <system32\DRIVERS\CoachVid.sys><FotoNation Inc.>
[dac2w2k / dac2w2k][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[DSproct / DSproct][Stopped/Manual Start]
  <\??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys><Gteko Ltd.>
[DellSupport UniDriver / dsunidrv][Running/Auto Start]
  <system32\DRIVERS\dsunidrv.sys><Gteko Ltd.>
[dvd43llh / dvd43llh][Running/Manual Start]
  <System32\DRIVERS\dvd43llh.sys><RIF>
[ENTECH / ENTECH][Stopped/Disabled]
  <\??\C:\WINDOWS\System32\DRIVERS\ENTECH.SYS><N/A>
[GEAR ASPI Filter Driver / GEARAspiWDM][Running/Manual Start]
  <SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[gmer / gmer][Stopped/Disabled]
  <System32\DRIVERS\gmer.sys><N/A>
[IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start]
  <system32\DRIVERS\HPZid412.sys><HP>
[Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start]
  <system32\DRIVERS\HPZipr12.sys><HP>
[USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start]
  <system32\DRIVERS\HPZius12.sys><HP>
[jhq2deb / jhq2deb][Stopped/System Start]
  <\SystemRoot\System32\drivers\jhq2deb.sys><N/A>
[AEGIS Protocol (IEEE 802.1x) v2.3.1.7 / MDC8021X][Running/Auto Start]
  <system32\DRIVERS\mdc8021x.sys><Meetinghouse Data Communications>
[Motorola USB Composite Device Driver / motccgp][Stopped/Manual Start]
  <system32\DRIVERS\motccgp.sys><Motorola>
[MotCcgpFlService / motccgpfl][Stopped/Manual Start]
  <system32\DRIVERS\motccgpfl.sys><Motorola>
[Motorola Inc. USB Device / MotDev][Stopped/Manual Start]
  <system32\DRIVERS\motodrv.sys><Motorola Inc>
[Motorola USB CDC ACM Driver / motmodem][Stopped/Manual Start]
  <system32\DRIVERS\motmodem.sys><Motorola>
[MotoSwitch Service / MotoSwitchService][Stopped/Manual Start]
  <system32\DRIVERS\motswch.sys><Motorola>
[Motorola USB Diagnostic Port / motport][Stopped/Manual Start]
  <system32\DRIVERS\motport.sys><Motorola>
[mraid35x / mraid35x][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[WinPcap Packet Driver (NPF) / NPF][Stopped/Manual Start]
  <system32\drivers\NPF.sys><CACE Technologies>
[OMCI WDM Device Driver / omci][Running/System Start]
  <System32\DRIVERS\omci.sys><Dell Inc>
[VSO Software pcouffin / Pcouffin][Running/Manual Start]
  <System32\Drivers\Pcouffin.sys><VSO Software>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql1080.sys><QLogic Corporation>
[ql12160 / ql12160][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ql1280.sys><QLogic Corporation>
[RIM Virtual Serial Port / RimSerPort][Stopped/Manual Start]
  <system32\DRIVERS\RimSerial.sys><Research in Motion Ltd>
[BlackBerry Device / RimUsb][Stopped/Disabled]
  <System32\Drivers\RimUsb.sys><N/A>
[RIM Virtual Serial Port v2 / RimVSerPort][Stopped/Manual Start]
  <system32\DRIVERS\RimSerial.sys><Research in Motion Ltd>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Sparrow / Sparrow][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97][Running/Manual Start]
  <system32\drivers\stac97.sys><SigmaTel, Inc.>
[symc810 / symc810][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\sym_u3.sys><LSI Logic>
[tmcomm / tmcomm][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\tmcomm.sys><Trend Micro Inc.>
[ultra / ultra][Stopped/Disabled]
  <\SystemRoot\System32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[Apple Mobile USB Driver / USBAAPL][Stopped/Manual Start]
  <System32\Drivers\usbaapl.sys><Apple, Inc.>
[WinDriver6 / WinDriver6][Stopped/Manual Start]
  <system32\drivers\windrvr6.sys><Jungo>
[ATI Wireless Remote Receiver V2.36 / X10UIF][Stopped/Manual Start]
  <System32\Drivers\x10uif.sys><X10 Wireless Technology, Inc.>

==================================
Browser Add-ons
[&Yahoo! Toolbar Helper]
  {02478D38-C3F9-4efb-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[AVG Safe Search]
  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\AVG\AVG8\avgssie.dll, (Signed) AVG Technologies CZ, s.r.o.>
[]
  {5C255C8A-E604-49b4-9D64-90988571CECB} <, >
[Search Helper]
  {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} <C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll, (Signed) Microsoft Corporation>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[AVG Security Toolbar BHO]
  {A3BC75A2-1F87-4686-AA43-5347D756017C} <C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll, (Signed) >
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[Windows Live Toolbar Helper]
  {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[SingleInstance Class]
  {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} <C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll, (Signed) Yahoo! Inc>
[BlogThisToolbarButton Class]
  {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} <C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll, (Signed) Microsoft Corporation>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[&Windows Live Toolbar]
  {21FA44EF-376D-4D53-9B0F-8A89D3229068} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[ScrabbleCubes Control]
  {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} <C:\WINDOWS\DOWNLO~1\SCRABB~1.OCX, (Signed) WorldWinner>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[FunGamesLoader Object]
  {1A1F56AA-3401-46F9-B277-D57F3421F821} <C:\WINDOWS\Downloaded Program Files\FunGamesLoader.dll, (Signed) FUN Technologies, Inc.>
[Liquid.LiquidHelper]
  {22D4879A-92DB-470D-8A83-E158797D8176} <C:\WINDOWS\Downloaded Program Files\Liquid.ocx, (Signed) Playground>
[HidInputMonitorX Control]
  {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} <C:\WINDOWS\DOWNLO~1\HIDINP~1.OCX, TODO: <Company name>>
[SolitaireRush Control]
  {42FDC231-A411-45F8-B8B6-3B5026111DA8} <C:\WINDOWS\DOWNLO~1\SOLITA~1.OCX, (Signed) WorldWinner>
[]
  {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} <, >
[MSN Photo Upload Tool]
  {4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, (Signed) Microsoft® Corporation>
[A9Helper.A9]
  {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} <C:\WINDOWS\Downloaded Program Files\A9.ocx, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[DivXBrowserPlugin Object]
  {67DABFBF-D0AB-41FA-9C46-CC0F21721616} <C:\Program Files\DivX\DivX Web Player\npdivx32.dll, (Signed) DivX,Inc.>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Facebook Photo Uploader 5 Control]
  {8100D56A-5661-482C-BEE8-AFECE305D968} <C:\WINDOWS\Downloaded Program Files\CONFLICT.2\PhotoUploader55.ocx, (Signed) The Facebook>
[Wwlaunch Control]
  {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} <C:\WINDOWS\DOWNLO~1\wwlaunch.ocx, (Signed) WorldWinner>
[Java Plug-in 1.6.0_15]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[WordMojo Control]
  {94299420-321F-4FF9-A247-62A23EBB640B} <C:\WINDOWS\DOWNLO~1\wordmojo.ocx, (Signed) >
[WoF Control]
  {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} <C:\WINDOWS\DOWNLO~1\wof.ocx, (Signed) WorldWinner>
[SwapIt Control]
  {AC2881FD-5760-46DB-83AE-20A5C6432A7E} <C:\WINDOWS\DOWNLO~1\swapit.ocx, (Signed) WorldWinner>
[MSN Games - Installer]
  {B8BE5E93-A60C-4D26-A2DC-220313175592} <C:\WINDOWS\Downloaded Program Files\ZIntro.ocx, (Signed) Microsoft Corporation>
[Royal Control]
  {BB637307-92FA-47EC-B3F7-6969078673CC} <C:\WINDOWS\DOWNLO~1\royal.ocx, (Signed) WorldWinner>
[]
  {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} <, >
[Java Plug-in 1.4.2_03]
  {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.5.0_05]
  {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.5.0_10]
  {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_02]
  {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_03]
  {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_05]
  {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_13.dll, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[Windows Live Hotmail Photo Upload Tool]
  {E77F23EB-E7AB-4502-8F37-247DBAF1A147} <C:\WINDOWS\Downloaded Program Files\CONFLICT.3\MsnPUpld.dll, (Signed) Microsoft® Corporation>
[SupportSoft Script Runner Class]
  {01012101-5E80-11D8-9E86-0007E96C65AE} <C:\Program Files\Common Files\supportsoft\bin\tgctlsr.dll, (Signed) SupportSoft, Inc.>
[&Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {089FD14D-132B-48FC-8861-0048AE113215} <, >
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {0BF43445-2F28-4351-9252-17FE6E806AA0} <, >
[]
  {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} <, >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[Adobe PDF]
  {182EC0BE-5110-49C8-A062-BEB1D02A220B} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[]
  {219C3416-8CB2-491A-A3C7-D9FCDDC9D600} <, >
[&Windows Live Toolbar]
  {21FA44EF-376D-4D53-9B0F-8A89D3229068} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[]
  {227B8AA8-DAF2-4892-BD1D-73F568BCB24E} <, >
[Liquid.LiquidHelper]
  {22D4879A-92DB-470D-8A83-E158797D8176} <C:\WINDOWS\Downloaded Program Files\Liquid.ocx, (Signed) Playground>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[HidInputMonitorX Control]
  {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} <C:\WINDOWS\DOWNLO~1\HIDINP~1.OCX, TODO: <Company name>>
[Shockwave ActiveX Control]
  {233C1507-6A77-46A4-9443-F871F945D258} <C:\WINDOWS\SYSTEM32\Adobe\Director\SwDir.dll, (Signed) Adobe Systems, Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[Microsoft HTML Document 6.0]
  {25336921-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[]
  {27B4851A-3207-45A2-B947-BE8AFE6163AB} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[]
  {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} <, >
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[]
  {39FD89BF-D3F1-45B6-BB56-3582CCF489E1} <, >
[McMVTApplicationManager Class]
  {3A65891C-3794-43E5-89C8-20CCD19902CE} <, >
[AVG Safe Search]
  {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} <C:\Program Files\AVG\AVG8\avgssie.dll, (Signed) AVG Technologies CZ, s.r.o.>
[QuickTime Object]
  {4063BE15-3B08-470D-A0D5-B37161CFFD69} <C:\Program Files\QuickTime\QTPlugin.ocx, (Signed) Apple Inc.>
[]
  {41D68ED8-4CFF-4115-88A6-6EBB8AF19000} <, >
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Windows Desktop Search Combo Control]
  {4E430174-1673-4FF3-BF28-A3B37F6573E7} <C:\Program Files\Windows Desktop Search\wdsShell.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[A9Helper.A9]
  {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} <C:\WINDOWS\Downloaded Program Files\A9.ocx, >
[Glassbook Detecter Class]
  {4F878398-E58A-11D3-BEE9-00C04FA0D6BA} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\GbDetect.dll, Adobe Systems Incorporated>
[]
  {56B38F40-4E70-11D4-A076-0080AD86BA2F} <, >
[]
  {5C255C8A-E604-49B4-9D64-90988571CECB} <, >
[]
  {5CA3D70E-1895-11CF-8E15-001234567890} <, >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Search Helper]
  {6EBF7485-159F-4BFF-A14F-B9E3AAC4465B} <C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <, >
[]
  {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Facebook Photo Uploader 5 Control]
  {8100D56A-5661-482C-BEE8-AFECE305D968} <C:\WINDOWS\Downloaded Program Files\CONFLICT.2\PhotoUploader55.ocx, (Signed) The Facebook>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML DOM Document 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
  {88D96A06-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XSL Template 6.0]
  {88D96A08-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {9394EDE7-C8B5-483E-8773-474BF36AF6E4} <, >
[AVG Security Toolbar BHO]
  {A3BC75A2-1F87-4686-AA43-5347D756017C} <C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll, (Signed) >
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484F-8273-0445EE161910} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[]
  {B164E929-A1B6-4A06-B104-2CD0E90A88FF} <, >
[MSN Games - Installer]
  {B8BE5E93-A60C-4D26-A2DC-220313175592} <C:\WINDOWS\Downloaded Program Files\ZIntro.ocx, (Signed) Microsoft Corporation>
[]
  {BA52B914-B692-46C4-B683-905236F6F655} <, >
[]
  {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <, >
[]
  {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <, >
[Adobe Acrobat Control for ActiveX]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\ActiveX\pdf.ocx, (Signed) Adobe Systems Incorporated>
[Java Plug-in 1.4.2_03]
  {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.5.0_05]
  {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.5.0_06]
  {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.5.0_10]
  {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, (Signed) >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_13.dll, N/A>
[AVG Security Toolbar]
  {CCC7A320-B3CA-4199-B1A6-9F516DD69829} <C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll, (Signed) >
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Microsoft Url Search Hook]
  {CFBFAE00-17A6-11D0-99CB-00C04FD64497} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\System32\rmoc3260.dll, RealNetworks>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10c.ocx, (Signed) Adobe Systems, Inc.>
[iTunesDetector Class]
  {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} <C:\Program Files\iTunes\ITDetector.ocx, (Signed) Apple Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, (Signed) Sun Microsystems, Inc.>
[QuickTimeCheck Class]
  {DE4AF3B0-F4D4-11D3-B41A-0050DA2E6C21} <C:\Program Files\QuickTime\QTSystem\QuickTimeCheck.ocx, N/A>
[Microsoft Silverlight]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll, (Signed)  Microsoft Corporation>
[Windows Live Toolbar Helper]
  {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} <C:\Program Files\Windows Live\Toolbar\wltcore.dll, (Signed) Microsoft Corporation>
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC1~1.DLL, (Signed) Microsoft Corporation>
[NameCtrl Class]
  {E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} <C:\Program Files\Microsoft Office\OFFICE11\NAME.DLL, (Signed) Microsoft Corporation>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[]
  {E3E02F12-2ADB-478C-8742-5F0819F9F0F4} <"C:\Documents and Settings\Troy\Application Data\Move Networks\ie_bin\qsp2ie071303000004.dll", N/A>
[Windows Live Hotmail Photo Upload Tool]
  {E77F23EB-E7AB-4502-8F37-247DBAF1A147} <C:\WINDOWS\Downloaded Program Files\CONFLICT.3\MsnPUpld.dll, (Signed) Microsoft® Corporation>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} <, >
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[]
  {FC345D4C-B8F4-4674-BFF7-3C37D2E535EE} <"C:\Documents and Settings\Troy\Application Data\Move Networks\ie_bin\qsp2ie071303000004.dll", N/A>
[SingleInstance Class]
  {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} <C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll, (Signed) Yahoo! Inc>

==================================
Running Processes
[PID: 824][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 888][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 924][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
	[C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4118]
	[C:\WINDOWS\system32\avgrsstx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll]  [Citrix Online, a division of Citrix Systems, Inc., 8.0 Build 516]
[PID: 968][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 980][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 1152][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4118]
	[C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 1244][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1292][C:\Program Files\Windows Defender\MsMpEng.exe]  [Microsoft Corporation, 1.1.1593.0]
[PID: 1332][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1376][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1432][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1468][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1676][C:\WINDOWS\System32\WLTRYSVC.EXE]  [N/A, ]
	[C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 1712][C:\WINDOWS\System32\bcmwltry.exe]  [Dell Inc., 4.100.15.8]
	[C:\WINDOWS\System32\bcm1xsup.dll]  [N/A, ]
	[C:\WINDOWS\System32\bcmwlpkt.dll]  [CACE Technologies, 3, 1, 0, 27]
	[C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
	[C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\WINDOWS\System32\atl71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\WINDOWS\System32\wltrynt.dll]  [Broadcom Corporation, 4.100.15.8]
[PID: 1836][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
	[C:\WINDOWS\system32\AdobePDF.dll]  [Adobe Systems Incorporated., 6.0.000]
	[C:\Program Files\Adobe\Acrobat 6.0\Distillr\adistres.dll]  [Adobe Systems Incorporated., 6.0.1.2003102300]
	[C:\WINDOWS\system32\hpf3l082.dll]  [Hewlett-Packard Company, 70.082.15.00]
	[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpfpp082.dll]  [Hewlett-Packard Corporation, 70.082.15.00]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1928][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 188][C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe]  [Apple Inc., 2.50.39.0]
[PID: 204][C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgwd.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgamnot.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgsched.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgwdwsc.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avglngx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
[PID: 232][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Inc., 1,0,6,2]
[PID: 332][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 396][C:\Program Files\Java\jre6\bin\jqs.exe]  [Sun Microsystems, Inc., 6.0.150.3]
	[C:\Program Files\Java\jre6\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 520][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  [Microsoft Corporation, 7.00.9466]
[PID: 552][C:\PROGRA~1\AVG\AVG8\avgrsx.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgcorex.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.416]
	[C:\PROGRA~1\AVG\AVG8\avgcrlpx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
[PID: 564][C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0818.00]
	[C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
	[C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0816.00]
	[C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0760.00]
	[C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\Resources\1033\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0789.00]
	[C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0818.00]
	[C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0818.00]
[PID: 584][C:\PROGRA~1\AVG\AVG8\avgnsx.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\PROGRA~1\AVG\AVG8\avgxpl.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglvex.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
[PID: 700][C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe]  [Nero AG, 3, 5, 3, 0]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\NB.dll]  [Nero AG, 3, 5, 3, 0]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\NeroAPIGlueLayerUnicode.dll]  [Nero AG, 8.3.6.0]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\LBFC.dll]  [Nero AG, 3, 5, 3, 0]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\NBHDMgr.dll]  [Nero AG, 3, 5, 3, 0]
[PID: 900][C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe]  [Dell Inc., 1, 0, 0, 1]
[PID: 1364][C:\WINDOWS\system32\IoctlSvc.exe]  [Prolific Technology Inc., 1, 6, 0, 0]
[PID: 1500][C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe]  [Microsoft Corporation, 1.3.59.0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1592][C:\Program Files\Dell Support Center\bin\sprtsvc.exe]  [SupportSoft, Inc., 7.0.1117.0]
	[C:\Program Files\Dell Support Center\bin\sprtsched.dll]  [SupportSoft, Inc., 7.0.940.0]
	[C:\Program Files\Dell Support Center\bin\sprtfod.dll]  [SupportSoft, Inc., 7.0.940.0]
	[C:\Program Files\Dell Support Center\bin\LIBEAY32.dll]  [SupportSoft, Inc., 0, 9, 8, 4, 1]
	[C:\Program Files\Dell Support Center\bin\sprtsync.dll]  [SupportSoft, Inc., 7.0.1302.0]
	[C:\Program Files\Dell Support Center\bin\sprtupdate.dll]  [SupportSoft, Inc., 7.0.940.0]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1616][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 2116][C:\WINDOWS\system32\SearchIndexer.exe]  [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)]
[PID: 2348][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)]
[PID: 2464][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 2528][C:\Program Files\Windows Media Player\WMPNetwk.exe]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[PID: 2796][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4118]
	[C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2497]
[PID: 3068][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
	[C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll]  [Nero AG, 3, 1, 0, 13]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
	[C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll]  [Nero AG, 3, 5, 3, 0]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll]  [Nero AG, 3, 3, 3, 0]
	[C:\Program Files\Adobe\Acrobat 6.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 6.0.0.2003110300\0]
	[C:\Program Files\PowerISO\PWRISOSH.DLL]  [PowerISO Computing, Inc., 4, 0, 0, 0]
	[C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll]  [Malwarebytes Corporation, 1, 2, 0, 0]
	[C:\Program Files\MagicISO\misosh.dll]  [MagicISO, Inc., 5, 3, 0, 198]
	[C:\PROGRA~1\vso\COPYTO~1\CTCDSH~1.DLL]  [VSO Software, 1.2.0.43]
	[C:\Program Files\AVG\AVG8\avgse.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
[PID: 2260][C:\WINDOWS\BCMSMMSG.exe]  [Broadcom Corporation,  3.5.25 08/27/2003 20:04:35]
[PID: 2672][C:\Program Files\Apoint\Apoint.exe]  [Alps Electric Co., Ltd., 5.5.101.141]
	[C:\WINDOWS\system32\VXDIF.DLL]  [Alps Electric Co., Ltd., 6.0.3.4]
	[C:\Program Files\Apoint\Apoint.DLL]  [Alps Electric Co., Ltd., 5.5.104.252]
	[C:\Program Files\Apoint\EzAuto.dll]  [Alps Electric Co., Ltd., 5.5.1.85]
	[C:\Program Files\Apoint\EzLaunch.DLL]  [Alps Electric Co., Ltd., 5.5.1.64]
[PID: 2896][C:\Program Files\Dell\QuickSet\quickset.exe]  [, 1, 0, 0, 1]
	[C:\Program Files\Dell\QuickSet\dadkeyb.dll]  [N/A, ]
[PID: 3180][C:\WINDOWS\system32\WLTRAY.exe]  [Dell Inc., 4.100.15.8]
	[C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
	[C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
	[C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
	[C:\WINDOWS\system32\atl71.dll]  [Microsoft Corporation, 7.10.3077.0]
[PID: 1672][C:\Program Files\Apoint\Apntex.exe]  [Alps Electric Co., Ltd., 5.5.1.19]
	[C:\WINDOWS\system32\VXDIF.DLL]  [Alps Electric Co., Ltd., 6.0.3.4]
[PID: 2336][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe]  [ATI Technologies, Inc., 6.14.10.5160]
	[C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll]  [ATI Technologies, Inc., 6.14.10.5160]
	[C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU]  [ATI Technologies, Inc., 6.14.10.5160]
	[C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll]  [ATI Technologies, Inc., 6.14.10.5160]
[PID: 1644][C:\Program Files\Java\jre6\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.150.3]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 1748][C:\PROGRA~1\AVG\AVG8\avgtray.exe]  [AVG Technologies CZ, s.r.o., 8.5.0.417]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.762]
	[C:\Program Files\AVG\AVG8\avglogx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avgcfgx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avglngx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\AVGUIRES.DLL]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avgsrmx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avgvvx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avgscanx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avgcclix.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
	[C:\Program Files\AVG\AVG8\avgmvflx.dll]  [AVG Technologies CZ, s.r.o., 8.5.0.401]
[PID: 3532][C:\Program Files\Windows Live\Messenger\msnmsgr.exe]  [Microsoft Corporation, 14.0.8064.0206]
	[C:\WINDOWS\System32\devenum.dll]  [, ]
	[C:\WINDOWS\system32\msdmo.dll]  [, ]
	[C:\WINDOWS\System32\quartz.dll]  [, ]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]
[PID: 3680][C:\Program Files\Windows Media Player\WMPNSCFG.exe]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[PID: 4008][C:\Documents and Settings\Troy\Desktop\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 3444][C:\Documents and Settings\Troy\Desktop\SREa6e7f8c2.EXE]  [Smallfrogs Studio, 2.8.1.1279]
	[C:\Documents and Settings\Troy\Desktop\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
	[C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Inc., 1,0,6,2]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1	   localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1712, C:\WINDOWS\SYSTEM32\BCMWLTRY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 900, C:\PROGRAM FILES\DELL\NICCONFIGSVC\NICCONFIGSVC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2896, C:\PROGRAM FILES\DELL\QUICKSET\QUICKSET.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3180, C:\WINDOWS\SYSTEM32\WLTRAY.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2336, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 4008, C:\DOCUMENTS AND SETTINGS\TROY\DESKTOP\SRENGLDR.EXE]

==================================
Scheduled Tasks
[Enabled] User_Feed_Synchronization-{1F21D622-B3CF-4E3F-B8E2-89F0887D5DA1}.job
		C:\WINDOWS\system32\msfeedssync.exe 
[Enabled] MP Scheduled Scan.job
		C:\Program Files\Windows Defender\MpCmdRun.exe 
[Enabled] EasyShare Registration Task.job
		C:\WINDOWS\system32\rundll32.exe 
[Enabled] AppleSoftwareUpdate.job
		C:\Program Files\Apple Software Update\SoftwareUpdate.exe 
[Disabled] Ad-Aware Update (Weekly).job
		C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe 

==================================
Windows Security Update Check
KB940157,  Windows Search 4.0 for Windows XP (KB940157) 
KB943729,  Group Policy Preference Client Side Extensions for Windows XP (KB943729) 
KB926139,  Windows PowerShell 1.0 for Windows XP (KB926139) 
KB949810,  Office Genuine Advantage Notifications (KB949810) 
KB973874,  Update for Internet Explorer 8 Compatibility View List for Windows XP (KB973874) 
KB931125,  Update for Root Certificates [September 2009] (KB931125) 

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================




#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 06 October 2009 - 07:18 PM

Hi wildunc1,




Step 1

If you already have Combofix, please delete that copy and download it again as it's being updated regularly.

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: If you have Windows Vista, you can skip the recovery console step...in Vista it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.
  • Close any open browsers
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
C:\WINDOWS\9129837.exe
C:\WINDOWS\System32\drivers\jhq2deb.sys

Folder::
C:\Documents and Settings\All Users\Application Data\19922964
C:\Documents and Settings\All Users\Application Data\99932956

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"19922964"=-
"99932956"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ttool"=-

Driver::
jhq2deb

DDS::
uInternet Settings,ProxyOverride = *.local
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File


Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop.

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step 2

We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In your next reply, please post back:


1. ComboFix log
2. OTListIt.txt and Extra.txt

Tell me how your PC is running now.

#7 wildunc1

wildunc1
  • Topic Starter

  • Members
  • 8 posts

Posted 06 October 2009 - 11:14 PM

You are a genius. When I first ran ComboFix it said I still had my AVG Anti Virus software running but I shut it off. It said, if I didn’t stop it and continued, there might be undesirable results. It flipped me out a little but I continued. Then it said it wanted to create a restore point but I did not have Windows restore installed. Right now I don’t remember what it said for sure but it downloaded it and installed it.

I have now uninstalled AVG and reinstalled my original McAfee software that I paid for and installed my new printer and updated Windows. Internet’s running faster and Windows Messenger is working again.

In the future, is this something McAfee should have caught, because it didn’t in the first place?

Thank you for your help.

ComboFix 09-10-06.03 - Troy 10/06/2009 19:19.1.2 - NTFSx86
Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Troy\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

FILE ::
"c:\windows\9129837.exe"
"c:\windows\System32\drivers\jhq2deb.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\99932956.ini
c:\documents and settings\All Users\Application Data\Microsoft\id.txt
c:\documents and settings\Troy\Application Data\inst.exe
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\desktop
c:\windows\desktop\Play Rogue Squadron.lnk
c:\windows\Installer\13a76e1.msi
c:\windows\Installer\1762163a.msi
c:\windows\Installer\17d845.msi
c:\windows\Installer\1e87f6.msi
c:\windows\Installer\1e8807.msi
c:\windows\Installer\21d67116.msp
c:\windows\Installer\21d6711e.msp
c:\windows\Installer\3201f4.msi
c:\windows\Installer\37d5614.msp
c:\windows\Installer\66a76e4.msp
c:\windows\Installer\71aadd0.msp
c:\windows\Installer\71aadd7.msp
c:\windows\Installer\71aadde.msp
c:\windows\Installer\71aade6.msp
c:\windows\Installer\71aadef.msp
c:\windows\Installer\71aadf7.msp
c:\windows\Installer\71aadff.msp
c:\windows\Installer\8e76121.msp
c:\windows\Installer\8e76122.msp
c:\windows\Installer\8e76135.msp
c:\windows\Installer\98ce7ba.msi
c:\windows\Installer\dba615c.msp
c:\windows\Installer\dba615d.msp
c:\windows\Installer\dba615e.msp
c:\windows\Installer\dba615f.msp
c:\windows\Installer\dba6160.msp
c:\windows\Installer\dba6161.msp
c:\windows\Installer\dba6162.msp
c:\windows\Installer\dba6163.msp
c:\windows\Installer\dba6164.msp
c:\windows\Installer\dc95211.msp
c:\windows\Installer\dc95212.msp
c:\windows\Installer\dc95213.msp
c:\windows\Installer\dc95214.msp
c:\windows\Installer\dc95215.msp
c:\windows\Installer\dc95216.msp
c:\windows\Installer\dc95217.msp
c:\windows\Installer\dc95218.msp
c:\windows\Installer\dc95219.msp
c:\windows\Installer\dc9521a.msp
c:\windows\Installer\dcda83a.msp
c:\windows\Installer\dcda844.msp
c:\windows\Installer\dcda84f.msp
c:\windows\Installer\e900a2e.msi
c:\windows\Installer\WinRMSrv.msi
c:\windows\jestertb.dll
c:\windows\System32\drivers\jhq2deb.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_jhq2deb
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-07 02:26 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-07 02:26 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-06 23:08 . 2009-10-06 23:08 -------- d-----w- c:\documents and settings\Troy\Application Data\Malwarebytes
2009-10-06 23:08 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 23:08 . 2009-10-06 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 23:08 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-06 23:08 . 2009-10-06 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 08:35 . 2009-10-01 17:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-28 21:05 . 2008-08-22 12:24 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-09-28 17:13 . 2007-07-09 18:13 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-09-28 17:13 . 2007-07-09 18:13 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-09-28 17:12 . 2008-08-12 17:58 118272 ----a-w- c:\windows\system32\hpf3l082.dll
2009-09-28 17:12 . 2007-07-09 18:13 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-09-28 17:11 . 2008-10-06 19:11 966656 ----a-r- c:\windows\system32\hpwtiop4.dll
2009-09-28 17:11 . 2007-07-09 18:13 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-09-28 17:11 . 2007-07-09 18:13 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-09-28 17:11 . 2007-07-06 18:48 294912 ----a-r- c:\windows\system32\hpovst11.dll
2009-09-28 17:11 . 2008-10-06 19:11 741376 ----a-r- c:\windows\system32\hpwwiax5.dll
2009-09-26 03:17 . 2009-09-26 03:17 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-25 16:29 . 2009-09-25 16:29 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-24 17:59 . 2009-09-28 21:07 -------- d-----w- c:\program files\HP
2009-09-24 17:59 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-24 17:59 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-09-23 15:27 . 2009-09-23 15:27 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-20 23:46 . 2009-09-20 23:46 50 ----a-w- c:\windows\system32\BRIDF04A.dat
2009-09-20 23:41 . 2009-09-20 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-09-16 15:35 . 2009-09-16 15:35 -------- d-----w- c:\documents and settings\Troy\Application Data\EDrawings
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\Troy\Local Settings\Application Data\DassaultSystemes
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\Troy\Application Data\DassaultSystemes
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DassaultSystemes
2009-09-16 15:27 . 2009-09-16 15:27 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2009-09-16 15:27 . 2009-09-16 15:27 -------- d-----w- c:\program files\Common Files\eDrawings2009
2009-09-09 21:37 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 02:03 . 2009-07-13 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-05 18:25 . 2007-09-26 00:06 -------- d-----w- c:\documents and settings\Troy\Application Data\Azureus
2009-10-02 19:23 . 2004-09-15 00:13 -------- d-----w- c:\documents and settings\Troy\Application Data\AdobeUM
2009-09-26 22:43 . 2009-07-06 16:08 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-09-26 07:09 . 2005-05-01 04:22 -------- d-----w- c:\documents and settings\Troy\Application Data\Apple Computer
2009-09-25 17:50 . 2004-09-09 01:00 -------- d-----w- c:\documents and settings\Troy\Application Data\MSN6
2009-09-23 15:26 . 2004-09-04 04:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 21:54 . 2004-09-04 04:31 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-11 02:37 . 2007-07-22 06:27 -------- d-----w- c:\program files\Common Files\Apple
2009-09-10 13:46 . 2008-08-13 04:49 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-25 19:27 . 2009-08-25 19:27 -------- d-----w- c:\program files\LucasArts
2009-08-21 20:28 . 2007-02-02 04:08 -------- d-----w- c:\program files\Common Files\Remote Control Software Shared
2009-08-21 14:48 . 2004-09-04 04:40 83560 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 18:42 . 2009-07-13 14:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-19 18:42 . 2009-07-13 14:03 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-19 18:42 . 2009-07-13 14:03 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-14 19:16 . 2009-07-13 14:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-08-13 13:04 . 2009-08-11 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-13 13:04 . 2009-08-11 19:44 -------- d-----w- c:\program files\NOS
2009-08-11 19:39 . 2004-09-04 04:29 -------- d-----w- c:\program files\Java
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 12:23 . 2009-01-21 05:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-03-19 22:33 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-11 06:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-13 14:03 . 2009-07-13 14:03 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 18:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-07 67128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-05 2023704]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-07-07 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-04 50688]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-09-04 151597]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-12 17:59 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 18:42 11952 ----a-w- c:\windows\SYSTEM32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlackBerry Desktop Redirector.lnk
backup=c:\windows\pss\BlackBerry Desktop Redirector.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Troy^Start Menu^Programs^Startup^fmnupd32.exe]
path=c:\documents and settings\Troy\Start Menu\Programs\Startup\fmnupd32.exe
backup=c:\windows\pss\fmnupd32.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Troy^Start Menu^Programs^Startup^zqosys32.exe]
path=c:\documents and settings\Troy\Start Menu\Programs\Startup\zqosys32.exe
backup=c:\windows\pss\zqosys32.exeStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\SYSTEM32\DRIVERS\avgldx86.sys [7/13/2009 7:03 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\SYSTEM32\DRIVERS\avgtdix.sys [7/13/2009 7:03 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/13/2009 7:02 AM 297752]
R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [5/2/2009 8:33 AM 55152]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 CoachVid;CoachVid;c:\windows\SYSTEM32\DRIVERS\CoachVid.sys [1/7/2008 5:29 PM 45344]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [2/18/2009 12:38 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [2/18/2009 12:38 AM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [2/18/2009 12:38 AM 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [4/13/2008 8:40 PM 23680]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2009-10-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2009-10-06 c:\windows\Tasks\User_Feed_Synchronization-{1F21D622-B3CF-4E3F-B8E2-89F0887D5DA1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file://d:\components\Liquid.ocx
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
HKLM-Run-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
AddRemove-GameSpotDownloadManager - c:\documents and settings\Troy\My Documents\Downloads\GameSpot\uninstall.exe
AddRemove-Williams Arcade Classics 2 - D:\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-06 19:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(908)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(3788)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\windows\SYSTEM32\BCMWLTRY.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Dell\NicConfigSvc\NicConfigSvc.exe
c:\windows\SYSTEM32\IoctlSvc.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\SYSTEM32\searchindexer.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\SYSTEM32\ati2evxx.exe
c:\program files\Apoint\ApntEx.exe
.
**************************************************************************
.
Completion time: 2009-10-07 19:37 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-07 02:37

Pre-Run: 1,655,590,912 bytes free
Post-Run: 5,215,150,080 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
349 --- E O F --- 2009-09-26 19:18


OTL logfile created on: 10/6/2009 7:41:13 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Troy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.21 Mb Total Physical Memory | 473.93 Mb Available Physical Memory | 46.32% Memory free
1.66 Gb Paging File | 1.18 Gb Available in Paging File | 70.98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.33 Gb Total Space | 4.90 Gb Free Space | 9.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILDUNC2
Current User Name: Troy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/11/01 20:48:10 | 01,253,376 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\bcmwltry.exe
PRC - [2009/08/19 11:42:41 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/08/19 11:42:22 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
PRC - [2003/05/31 16:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
PRC - [2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
PRC - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
PRC - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe
PRC - [2009/02/06 03:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe
PRC - [2003/08/29 03:59:24 | 00,122,880 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\BCMSMMSG.exe
PRC - [2004/09/13 12:33:20 | 00,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2005/03/04 11:26:08 | 00,606,208 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2006/11/01 20:48:12 | 01,392,640 | ---- | M] (Dell Inc.) -- C:\WINDOWS\System32\WLTRAY.exe
PRC - [2005/08/05 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2009/07/25 05:23:12 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2004/08/19 09:40:08 | 00,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2009/10/05 08:02:39 | 02,023,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2008/04/13 17:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/10/06 19:40:01 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Troy\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/06/05 11:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005/08/03 23:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2009/08/19 11:42:22 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
SRV - [2008/12/12 12:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc [On_Demand | Stopped])
SRV - [2009/06/12 10:59:21 | 00,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToAssist\516\g2aservice.exe -- (GoToAssist [On_Demand | Stopped])
SRV - [2008/04/13 17:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2004/10/22 03:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/11/20 14:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2009/07/25 05:23:10 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/06/20 00:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe -- (MDM [Auto | Running])
SRV - [2005/06/07 01:32:54 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV [On_Demand | Stopped])
SRV - [2003/05/31 16:02:32 | 07,544,916 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe -- (MSSQL$MICROSOFTBCM [Auto | Running])
SRV - [2002/12/17 17:23:30 | 00,066,112 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe -- (MSSQLServerADHelper [On_Demand | Stopped])
SRV - [2008/06/08 09:31:04 | 00,877,864 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe -- (Nero BackItUp Scheduler 3 [Auto | Running])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2005/03/03 23:29:02 | 00,356,352 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe -- (NICCONFIGSVC [Auto | Running])
SRV - [2008/06/24 16:05:56 | 00,537,896 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe -- (NMIndexingService [On_Demand | Stopped])
SRV - [2003/07/28 10:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2005/06/07 01:28:04 | 00,053,337 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR [On_Demand | Stopped])
SRV - [2006/12/19 10:30:26 | 00,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\WINDOWS\System32\IoctlSvc.exe -- (PLFlash DeviceIoControl Service [Auto | Running])
SRV - File not found -- -- (RoxLiveShare9 [Auto | Stopped])
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort [Auto | Running])
SRV - [2009/09/16 08:27:44 | 00,079,360 | ---- | M] (SolidWorks) -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service [On_Demand | Stopped])
SRV - [2008/08/13 18:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2005/06/07 01:22:34 | 00,069,718 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV [On_Demand | Stopped])
SRV - [2002/12/17 17:23:30 | 00,311,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlagent.EXE -- (SQLAgent$MICROSOFTBCM [On_Demand | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2006/11/01 20:48:12 | 00,020,480 | ---- | M] () -- C:\WINDOWS\System32\WLTRYSVC.EXE -- (wltrysvc [Auto | Stopped])
SRV - [2006/10/18 22:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2001/08/17 11:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\System32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 11:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2004/11/16 11:03:52 | 00,108,791 | ---- | M] (Alps Electric Co., Ltd.) -- C:\WINDOWS\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService [On_Demand | Running])
DRV - [2004/08/18 14:53:54 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 11:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 11:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2004/10/23 22:58:58 | 00,025,244 | ---- | M] (Adaptec) -- C:\WINDOWS\System32\drivers\aspi32.sys -- (ASPI32 [System | Running])
DRV - [2005/08/03 23:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2009/08/19 11:42:40 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
DRV - [2009/08/19 11:42:40 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
DRV - [2009/07/13 07:03:27 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX [System | Running])
DRV - [2006/10/12 23:28:42 | 00,604,928 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcmwl5.sys -- (BCM43XX [On_Demand | Running])
DRV - [2004/01/02 08:44:22 | 00,044,032 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2003/08/29 03:59:24 | 01,101,696 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\System32\DRIVERS\BCMSM.sys -- (BCMModem [On_Demand | Running])
DRV - [2003/08/19 13:25:16 | 00,004,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci [Disabled | Stopped])
DRV - File not found -- -- (catchme [On_Demand | Running])
DRV - [2001/08/17 11:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2007/06/29 12:25:14 | 00,010,752 | ---- | M] (FotoNation Inc.) -- C:\WINDOWS\System32\DRIVERS\CoachAud.sys -- (CoachAud [On_Demand | Stopped])
DRV - [2007/06/29 12:25:14 | 00,050,368 | ---- | M] (FotoNation Inc.) -- C:\WINDOWS\System32\DRIVERS\CoachUsb.sys -- (CoachUsb [On_Demand | Stopped])
DRV - [2007/06/29 12:25:14 | 00,045,344 | ---- | M] (FotoNation Inc.) -- C:\WINDOWS\System32\DRIVERS\CoachVid.sys -- (CoachVid [On_Demand | Stopped])
DRV - [2001/08/17 11:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Stopped])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2007/07/28 09:43:35 | 00,018,816 | ---- | M] (RIF) -- C:\WINDOWS\System32\DRIVERS\dvd43llh.sys -- (dvd43llh [On_Demand | Running])
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys -- (fssfltr [Auto | Running])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2007/07/09 11:13:29 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007/07/09 11:13:31 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007/07/09 11:13:35 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\System32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2004/09/12 22:08:29 | 00,015,781 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\System32\DRIVERS\mdc8021x.sys -- (MDC8021X [Auto | Running])
DRV - [2008/08/21 19:49:22 | 00,018,688 | ---- | M] (Motorola) -- C:\WINDOWS\System32\DRIVERS\motccgp.sys -- (motccgp [On_Demand | Stopped])
DRV - [2008/08/21 19:49:56 | 00,008,320 | ---- | M] (Motorola) -- C:\WINDOWS\System32\DRIVERS\motccgpfl.sys -- (motccgpfl [On_Demand | Stopped])
DRV - [2007/10/10 18:41:50 | 00,042,112 | ---- | M] (Motorola Inc) -- C:\WINDOWS\System32\DRIVERS\motodrv.sys -- (MotDev [On_Demand | Stopped])
DRV - [2007/06/20 14:57:46 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\System32\DRIVERS\motmodem.sys -- (motmodem [On_Demand | Stopped])
DRV - [2007/11/02 16:51:28 | 00,006,400 | ---- | M] (Motorola) -- C:\WINDOWS\System32\DRIVERS\motswch.sys -- (MotoSwitchService [On_Demand | Stopped])
DRV - [2007/06/20 14:57:50 | 00,023,680 | ---- | M] (Motorola) -- C:\WINDOWS\System32\DRIVERS\motport.sys -- (motport [On_Demand | Stopped])
DRV - [2001/08/17 11:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2004/02/13 08:46:00 | 00,017,153 | ---- | M] (Dell Inc) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2007/07/26 21:44:32 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\Pcouffin.sys -- (Pcouffin [On_Demand | Running])
DRV - [2004/03/19 15:41:54 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008/02/13 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 11:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 11:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 11:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimSerPort [On_Demand | Stopped])
DRV - [2007/01/18 10:24:58 | 00,026,496 | R--- | M] (Research in Motion Ltd) -- C:\WINDOWS\System32\DRIVERS\RimSerial.sys -- (RimVSerPort [On_Demand | Stopped])
DRV - [2004/03/19 15:42:10 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Stopped])
DRV - [2008/03/13 23:04:29 | 00,046,652 | ---- | M] (PowerISO Computing, Inc.) -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu [System | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 11:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2001/08/17 12:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2004/11/15 15:37:52 | 00,264,440 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\System32\drivers\stac97.sys -- (STAC97 [On_Demand | Running])
DRV - [2001/08/17 12:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\System32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 12:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 12:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 12:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2009/09/25 20:17:54 | 00,153,104 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2001/08/17 11:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2009/06/05 11:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2004/09/07 19:57:00 | 00,316,152 | ---- | M] (Jungo) -- C:\WINDOWS\System32\drivers\windrvr6.sys -- (WinDriver6 [On_Demand | Stopped])
DRV - [2005/02/09 12:29:28 | 00,010,761 | ---- | M] (X10 Wireless Technology, Inc.) -- C:\WINDOWS\System32\Drivers\x10uif.sys -- (X10UIF [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 EA 5C BB D6 42 CA 01 [binary data]
IE - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\S-1-5-21-3151114944-3650567274-1033025831-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/02/25 11:40:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/13 08:11:23 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BCMSMMSG] C:\WINDOWS\BCMSMMSG.exe (Broadcom Corporation)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] File not found
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [Dell Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe (Dell Inc.)
O4 - HKLM..\Run: [DellSupportCenter] File not found
O4 - HKLM..\Run: [dscactivate] File not found
O4 - HKLM..\Run: [dvd43] File not found
O4 - HKLM..\Run: [DVDLauncher] File not found
O4 - HKLM..\Run: [iTunesHelper] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Works Update Detection] File not found
O4 - HKLM..\Run: [MSKDetectorExe] File not found
O4 - HKLM..\Run: [NBKeyScan] File not found
O4 - HKLM..\Run: [NeroFilterCheck] File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] File not found
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] File not found
O4 - HKLM..\Run: [Windows Defender] File not found
O4 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006..\Run: [DellSupport] File not found
O4 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006..\Run: [DWQueuedReporting] File not found
O4 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006..\Run: [LDM] File not found
O4 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006..\Run: [msnmsgr] File not found
O4 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006..\Run: [WMPNSCFG] File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\Narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\4.0 ( File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\..Trusted Domains: ([]msn in My Computer)
O15 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3151114944-3650567274-1033025831-1006\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {02A2D714-433E-46E4-B217-7C3B3FAF8EAE} http://www.worldwinner.com/games/v47/scrab...rabblecubes.cab (ScrabbleCubes Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinner.com/games/v47/share...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} file://D:\components\Liquid.ocx (Liquid.LiquidHelper)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file://D:\components\hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {42FDC231-A411-45F8-B8B6-3B5026111DA8} http://www.worldwinner.com/games/v47/solit...litairerush.cab (SolitaireRush Control)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcafee.com/molbin/shared/m...84/mcinsctl.cab (Reg Error: Key error.)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file://D:\components\A9.ocx (A9Helper.A9)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5co...b?1094693786660 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1145839828688 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} http://www.worldwinner.com/games/v46/wordmojo/wordmojo.cab (WordMojo Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
O16 - DPF: {AC2881FD-5760-46DB-83AE-20A5C6432A7E} http://www.worldwinner.com/games/v67/swapit/swapit.cab (SwapIt Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...o.cab102118.cab (MSN Games - Installer)
O16 - DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} http://www.worldwinner.com/games/v45/royal/royal.cab (Royal Control)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} http://download.mcafee.com/molbin/shared/m...,21/mcgdmgr.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\516\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop Components:AutorunsDisabled () -
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/03/20 10:58:32 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[3 C:\WINDOWS\*.tmp files]
[2009/09/25 09:29:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/09/20 16:41:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brother
[2009/09/16 08:29:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/10/06 16:08:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/16 08:29:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Troy\Application Data\DassaultSystemes
[2009/09/16 08:35:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Troy\Application Data\EDrawings
[2009/10/06 16:08:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Troy\Application Data\Malwarebytes
[2009/09/16 08:29:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Troy\Local Settings\Application Data\DassaultSystemes
[2009/09/16 08:27:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\eDrawings2009
[2009/09/16 08:27:44 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\SolidWorks Shared
[2009/09/24 10:59:16 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2009/10/06 16:08:28 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/06 19:39:46 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Troy\Desktop\OTL.exe
[2009/10/06 19:26:35 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/10/06 19:26:35 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/10/06 19:07:14 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/06 19:05:30 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/06 18:52:40 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/06 18:52:40 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/06 18:52:40 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/06 18:52:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/06 18:44:18 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/06 16:26:46 | 02,224,128 | ---- | C] (Smallfrogs Studio) -- C:\Documents and Settings\Troy\Desktop\SREngLdr.EXE
[2009/10/06 16:26:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Troy\Desktop\Upload
[2009/10/06 16:08:30 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/06 16:08:29 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/03 01:35:19 | 00,195,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/09/28 14:05:25 | 00,271,704 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpzids01.dll
[2009/09/28 10:13:30 | 00,016,496 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZipr12.sys
[2009/09/28 10:13:20 | 00,049,920 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZid412.sys
[2009/09/28 10:12:35 | 00,118,272 | ---- | C] (Hewlett-Packard Company) -- C:\WINDOWS\System32\hpf3l082.dll
[2009/09/28 10:12:24 | 00,021,568 | R--- | C] (HP) -- C:\WINDOWS\System32\drivers\HPZius12.sys
[2009/09/28 10:11:44 | 00,966,656 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpwtiop4.dll
[2009/09/28 10:11:44 | 00,364,544 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hppldcoi.dll
[2009/09/28 10:11:44 | 00,309,760 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\difxapi.dll
[2009/09/28 10:11:44 | 00,294,912 | R--- | C] (Hewlett-Packard Co.) -- C:\WINDOWS\System32\hpovst11.dll
[2009/09/28 10:11:43 | 00,741,376 | R--- | C] (Hewlett-Packard) -- C:\WINDOWS\System32\hpwwiax5.dll
[2009/09/26 08:06:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Current Resumes
[2009/09/25 20:17:54 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/09/24 10:59:09 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/09/24 10:59:09 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009/09/15 17:16:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Troy\My Documents\R2D2
[2009/09/09 14:37:57 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2006/10/08 20:54:58 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Troy\Application Data\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\drivers\*.tmp files]
[1 C:\WINDOWS\System32\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/10/06 19:40:01 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Troy\Desktop\OTL.exe
[2009/10/06 19:34:11 | 00,515,768 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/10/06 19:34:10 | 00,100,692 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/10/06 19:34:09 | 00,628,216 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/06 19:32:21 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/10/06 19:30:32 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/06 19:30:02 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/10/06 19:29:49 | 00,002,278 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/10/06 19:29:17 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/06 19:29:14 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/10/06 19:29:11 | 10,729,84064 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/06 19:07:32 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/10/06 18:39:18 | 03,327,765 | R--- | M] () -- C:\Documents and Settings\Troy\Desktop\ComboFix.exe
[2009/10/06 18:00:28 | 42,401,219 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2009/10/06 18:00:28 | 00,009,280 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2009/10/06 16:26:03 | 00,868,323 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\sreng2.zip
[2009/10/06 16:08:33 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/06 15:14:45 | 00,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1F21D622-B3CF-4E3F-B8E2-89F0887D5DA1}.job
[2009/10/06 13:04:45 | 00,206,848 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\GMI_NIS_000000955678Dave Green.xls
[2009/10/05 16:30:55 | 00,022,528 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\Chores.xls
[2009/10/05 14:05:09 | 00,282,312 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\gmer.zip
[2009/10/04 09:36:52 | 00,290,816 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\gmer.exe
[2009/10/03 17:19:37 | 03,843,589 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\09MY_LR3_Kit_Brochure.pdf
[2009/10/02 12:13:48 | 05,666,668 | -H-- | M] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\IconCache.db
[2009/10/01 13:56:01 | 00,014,848 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\SCHEDULES spreadsheetBlank100109(1).xls
[2009/10/01 10:42:01 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/01 10:41:22 | 00,000,211 | ---- | M] () -- C:\Documents and Settings\Troy\Application Data\default.pls
[2009/10/01 10:29:14 | 00,195,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2009/09/30 17:35:31 | 00,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2009/09/28 10:47:24 | 02,578,591 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\2006_LR3.pdf
[2009/09/28 10:22:45 | 00,333,666 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\www.carfax.com-VehicleHistory-p-Report.tif
[2009/09/28 10:22:08 | 00,315,341 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\CARFAX Vehicle History Report on SALAD24416A408133.mht
[2009/09/26 09:53:33 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\In progress cover letter.doc
[2009/09/25 20:17:54 | 00,153,104 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/09/25 09:31:59 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\SysClean Directions.doc
[2009/09/24 11:05:09 | 00,061,793 | ---- | M] () -- C:\Documents and Settings\Troy\Desktop\HP Installation Error - XP.html
[2009/09/23 16:12:19 | 00,000,647 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/09/23 16:12:19 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/09/20 16:50:49 | 00,000,184 | ---- | M] () -- C:\WINDOWS\System32\brsvc01a.bsi
[2009/09/20 16:46:50 | 00,000,050 | ---- | M] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/09/16 08:27:47 | 00,000,000 | ---- | M] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/09/16 08:27:26 | 00,001,818 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks eDrawings 2009.lnk
[2009/09/15 19:12:40 | 00,064,000 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\qa tech job desc for my mill.doc
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/10 05:46:57 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/09 19:40:18 | 00,027,648 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\lead lab tech job desc.doc
[2009/09/09 19:11:16 | 00,022,016 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\lab tech job description.doc
[2009/09/09 14:39:05 | 00,031,232 | ---- | M] () -- C:\Documents and Settings\Troy\My Documents\Lab Tech Job Desc.doc

========== Files - No Company Name ==========
[2009/10/06 19:07:32 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/06 19:07:25 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/06 18:52:40 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/06 18:52:40 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/06 18:52:40 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/06 18:52:40 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/06 18:38:52 | 03,327,765 | R--- | C] () -- C:\Documents and Settings\Troy\Desktop\ComboFix.exe
[2009/10/06 16:26:46 | 00,035,952 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\releasenotes_cht.htm
[2009/10/06 16:26:46 | 00,032,326 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\releasenotes_chs.htm
[2009/10/06 16:25:50 | 00,868,323 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\sreng2.zip
[2009/10/06 16:08:33 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/06 13:04:43 | 00,206,848 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\GMI_NIS_000000955678Dave Green.xls
[2009/10/05 16:24:39 | 00,022,528 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\Chores.xls
[2009/10/05 14:08:10 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\gmer.exe
[2009/10/05 14:04:52 | 00,282,312 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\gmer.zip
[2009/10/03 17:19:36 | 03,843,589 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\09MY_LR3_Kit_Brochure.pdf
[2009/10/01 13:56:00 | 00,014,848 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\SCHEDULES spreadsheetBlank100109(1).xls
[2009/09/28 10:47:24 | 02,578,591 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\2006_LR3.pdf
[2009/09/28 10:22:43 | 00,333,666 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\www.carfax.com-VehicleHistory-p-Report.tif
[2009/09/28 10:22:08 | 00,315,341 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\CARFAX Vehicle History Report on SALAD24416A408133.mht
[2009/09/26 09:53:32 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\In progress cover letter.doc
[2009/09/25 20:04:37 | 10,729,84064 | -HS- | C] () -- C:\hiberfil.sys
[2009/09/25 09:31:57 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\SysClean Directions.doc
[2009/09/24 11:05:09 | 00,061,793 | ---- | C] () -- C:\Documents and Settings\Troy\Desktop\HP Installation Error - XP.html
[2009/09/24 10:57:23 | 00,005,142 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/09/20 16:50:49 | 00,000,184 | ---- | C] () -- C:\WINDOWS\System32\brsvc01a.bsi
[2009/09/20 16:46:50 | 00,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/09/16 08:27:47 | 00,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2009/09/16 08:27:26 | 00,001,818 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SolidWorks eDrawings 2009.lnk
[2009/09/15 18:55:27 | 00,064,000 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\qa tech job desc for my mill.doc
[2009/09/09 19:40:18 | 00,027,648 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\lead lab tech job desc.doc
[2009/09/09 19:11:16 | 00,022,016 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\lab tech job description.doc
[2009/09/09 10:51:15 | 00,031,232 | ---- | C] () -- C:\Documents and Settings\Troy\My Documents\Lab Tech Job Desc.doc
[2009/05/07 20:59:43 | 00,000,357 | ---- | C] () -- C:\WINDOWS\PRFX2K.INI
[2009/02/25 14:49:45 | 00,003,082 | ---- | C] () -- C:\WINDOWS\System32\affv9869p4now.sys
[2008/08/17 23:40:39 | 00,000,211 | ---- | C] () -- C:\Documents and Settings\Troy\Application Data\default.pls
[2008/08/17 14:56:00 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/06/20 09:07:27 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\88D7456F-2D0E-40AA-BDBC-7BC292A1FF1A_RUNTIME.cache
[2007/05/01 19:17:18 | 00,002,151 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/20 14:59:08 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2007/02/20 14:59:06 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2007/02/20 14:59:04 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2007/01/03 11:24:36 | 00,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/01/03 11:22:46 | 00,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/01/03 11:22:14 | 00,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/10/08 20:54:59 | 00,000,034 | ---- | C] () -- C:\Documents and Settings\Troy\Application Data\pcouffin.log
[2006/10/08 20:54:58 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Troy\Application Data\pcouffin.cat
[2006/10/08 20:54:58 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Troy\Application Data\pcouffin.inf
[2006/09/11 23:50:27 | 00,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/09/11 23:50:26 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2005/07/24 22:29:44 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2004/11/16 21:07:32 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Troy\Application Data\QSPMShare
[2004/11/02 23:36:21 | 00,001,855 | ---- | C] () -- C:\WINDOWS\wbocx.ini
[2004/10/27 20:12:39 | 00,003,840 | ---- | C] () -- C:\WINDOWS\DellBIOS.Sys
[2004/10/03 15:39:58 | 00,004,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2004/09/12 14:21:58 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Troy\Application Data\PFP120JPR.{PB
[2004/09/12 14:21:58 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Troy\Application Data\PFP120JCM.{PB
[2004/09/09 21:15:37 | 00,000,127 | ---- | C] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\fusioncache.dat
[2004/09/08 18:22:10 | 05,666,668 | -H-- | C] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\IconCache.db
[2004/09/08 18:22:10 | 00,034,688 | ---- | C] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2004/09/08 18:22:10 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Troy\Application Data\DESKTOP.INI
[2004/09/08 17:57:14 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/09/08 17:06:27 | 00,046,080 | ---- | C] () -- C:\Documents and Settings\Troy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/09/03 21:40:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/09/03 21:36:01 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/09/03 21:20:09 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/03 21:08:00 | 00,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/01 08:49:17 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/03/20 11:21:34 | 00,000,791 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/03/20 10:58:32 | 00,000,647 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/03/20 10:50:44 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/03/20 10:50:30 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
[2004/03/19 15:37:28 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/05/30 07:00:02 | 01,288,192 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2003/01/07 13:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2000/06/22 09:09:24 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2000/05/11 09:52:22 | 00,064,512 | ---- | C] () -- C:\WINDOWS\System32\Indounin.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5B132D3E
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:918DBCA9
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F65733F1
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ADE16379
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6468C896
< End of report >


OTL Extras logfile created on: 10/6/2009 7:41:13 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Troy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1023.21 Mb Total Physical Memory | 473.93 Mb Available Physical Memory | 46.32% Memory free
1.66 Gb Paging File | 1.18 Gb Available in Paging File | 70.98% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 52.33 Gb Total Space | 4.90 Gb Free Space | 9.36% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILDUNC2
Current User Name: Troy
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus -- (Azureus Inc)
"C:\Program Files\Motorola\Software Update\msu.exe" = C:\Program Files\Motorola\Software Update\msu.exe:*:Enabled:msu -- (Motorola)
"C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe" = C:\Program Files\Common Files\Nero\Nero Web\SetupX.exe:*:Enabled:Nero ControlCenter -- (Nero AG)
"C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Enabled:RealOne Player -- (RealNetworks, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"{2A6F953D-E20A-4484-8E82-4A0BE2C25D21}" = Motorola Phone Tools
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{34B51FB4-B57A-4E62-96BA-9F16A98332F6}" = ATI MOBILITY RADEON 9000 Fire Demo v1.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1A8C8-6646-4101-B0AA-42D1EB2AB3AE}" = Windows Live Outlook Toolbar (Windows Live Toolbar)
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53B2CFE9-A508-4457-B2CA-5D253536BFB7}" = OneCare Advisor (Windows Live Toolbar)
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{61DE738B-CA77-4B59-B9D3-67226BB7DCE3}" = Motorola Software Update
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66563AD8-637B-407F-BCA7-0233A16891AB}" = Business Contact Manager for Outlook 2003
"{66A7A386-6F35-41A7-A731-101F0C0153C8}" = Popup Blocker (Windows Live Toolbar)
"{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7323EFB7-865D-4E3C-8F6E-89C7F902DBE5}" = ATI RADEON 9800 Caves Screen Saver v1.1
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111410757}" = Scrabble Blast Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113848220}" = Agatha Christie Peril at End House
"{82CF6B6D-B9D1-42DD-A37F-FAF21632C7DD}" = ATI RADEON 9800 Chimp Demo v1.1
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0120-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B747E7F6-7A2B-4E57-B6A5-AFF21325EE2D}" = ATI RADEON 9700 Bear Demo v1.1
"{B8EF780F-126C-4CF0-AAB2-1B68BF06BA1C}" = Motorola Driver Installation 3.7.0
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2F2543F-55B7-4F7B-93BB-BE8C405384B8}" = ATI RADEON 9800 Gargoyle Screen Saver v1.1
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBD55377-3FEA-4A93-A877-DB87B6C6C990}" = Logitech Harmony Remote Software 7
"{CC379A36-DB26-4A29-877B-B6CE813FDDD5}" = ATI RADEON 9700 Debevec RNL Demo v1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF110019-D640-4252-9DD7-99C7CB684E9F}" = ATI RADEON 9700 Bacteria Screen Saver v1.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D096157B-9DF4-44FF-AF45-65B6F12304D5}" = SolidWorks eDrawings 2009
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D6C9AF27-9414-46C8-B9D8-D878BA041033}" = Nero 8
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0905}" = Microsoft Digital Image Pro 9
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E34D953E-FE88-4828-B407-8FD29341D36B}" = Motorola Phone Tools
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FE7A3FE1-AF76-44FD-BC70-09868A51887A}" = iPod for Windows 2005-06-26
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 3.0.0.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG8Uninstall" = AVG Free 8.5
"Azureus Vuze" = Azureus Vuze
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CopyToDVD_is1" = CopyToDVD
"DVD43_is1" = DVD43 v3.9.0
"GoToAssist" = GoToAssist 8.0.0.516
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{06E73C0B-7DE7-4F41-860B-587033B75BD9}" = iPod Updater 2004-11-15
"InstallShield_{2A6282FF-B75B-463F-90F5-0A43732F690D}" = Broadcom Management Programs
"InstallShield_{44A537A5-859C-43A6-8285-C0668142A090}" = iPod for Windows 2005-03-23
"InstallShield_{849ABF1A-6AE3-45E1-B260-D5447B2F29F5}" = OpenMG Secure Module 4.2.00
"InstallShield_{B6ACFF51-248A-4290-B50B-E50C81F25B97}" = iPod for Windows
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"InstallShield_{FE7A3FE1-AF76-44FD-BC70-09868A51887A}" = iPod for Windows 2005-06-26
"IsoBuster_is1" = IsoBuster 1.9.1
"IsoViewX30Uc" = ITEDO IsoView ActiveX Control 3.0
"LucasArts' Rogue Squadron" = LucasArts' Rogue Squadron
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder" = MediaCoder 0.6.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureIt_POD_v9" = Microsoft Digital Image Library 9
"PictureIt_v9" = Microsoft Digital Image Pro 9
"PowerISO" = PowerISO
"Professor Teaches Excel 2000" = Professor Teaches Excel 2000
"RealPlayer 6.0" = RealOne Player
"Shockwave" = Shockwave
"TurboTax Deluxe 2005" = TurboTax Deluxe 2005
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"Tux Paint_is1" = Tux Paint 0.9.17
"VLC media player" = VLC media player 0.9.8a
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Workshop Information System - WIS" = Workshop Information System - WIS
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/2/2009 3:13:36 PM | Computer Name = WILDUNC2 | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
handle is invalid. (0x80070006)

Error - 10/5/2009 3:16:25 PM | Computer Name = WILDUNC2 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 10/6/2009 12:38:48 AM | Computer Name = WILDUNC2 | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
remote procedure call failed and did not execute. (0x800706bf)

Error - 10/6/2009 8:19:37 AM | Computer Name = WILDUNC2 | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
remote procedure call failed and did not execute. (0x800706bf)

Error - 10/6/2009 7:20:43 PM | Computer Name = WILDUNC2 | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
remote procedure call failed and did not execute. (0x800706bf)

Error - 10/6/2009 10:02:34 PM | Computer Name = WILDUNC2 | Source = Application Hang | ID = 1002
Description = Hanging application setup.exe, version 8.5.0.420, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/6/2009 10:02:39 PM | Computer Name = WILDUNC2 | Source = Application Hang | ID = 1001
Description = Fault bucket 1484403588.

Error - 10/6/2009 10:04:38 PM | Computer Name = WILDUNC2 | Source = Application Hang | ID = 1002
Description = Hanging application setup.exe, version 8.5.0.420, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 10/6/2009 10:04:41 PM | Computer Name = WILDUNC2 | Source = Application Hang | ID = 1001
Description = Fault bucket 1484403588.

Error - 10/6/2009 10:27:51 PM | Computer Name = WILDUNC2 | Source = Windows Search Service | ID = 3104
Description = Enumerating user sessions to generate filter pools failed. Details:
The
remote procedure call failed and did not execute. (0x800706bf)

[ System Events ]
Error - 10/2/2009 7:16:59 PM | Computer Name = WILDUNC2 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Common Files\Nero\AudioPlugins\MSAxp.dll.
Reference
error message: The operation completed successfully. .

Error - 10/5/2009 3:15:40 PM | Computer Name = WILDUNC2 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 804ff712, parameter3
a6948c98, parameter4 00000000.

Error - 10/5/2009 4:43:05 PM | Computer Name = WILDUNC2 | Source = Print | ID = 19
Description = Sharing printer failed + 1722, Printer Microsoft XPS Document Writer
share name Printer.

Error - 10/5/2009 4:47:05 PM | Computer Name = WILDUNC2 | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000005, parameter2 804ff712, parameter3
a7737c98, parameter4 00000000.

Error - 10/6/2009 12:26:07 AM | Computer Name = WILDUNC2 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 10/6/2009 12:38:07 AM | Computer Name = WILDUNC2 | Source = Srv | ID = 2019
Description = The server was unable to allocate from the system nonpaged pool because
the pool was empty.

Error - 10/6/2009 8:04:43 AM | Computer Name = WILDUNC2 | Source = WMPNetworkSvc | ID = 866329
Description = IPv4 support has been disabled in WMPNetworkSvc because IP address
table retrieval encountered error '1450'. To enable IPv4 support, restart the WMPNetworkSvc
service.

Error - 10/6/2009 3:41:14 PM | Computer Name = WILDUNC2 | Source = System Error | ID = 1003
Description = Error code 10000050, parameter1 e1252000, parameter2 00000000, parameter3
804ff712, parameter4 00000001.

Error - 10/6/2009 10:27:34 PM | Computer Name = WILDUNC2 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_GMER\0000 disappeared from the system without
first being prepared for removal.

Error - 10/6/2009 10:27:34 PM | Computer Name = WILDUNC2 | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_NPF\0000 disappeared from the system without
first being prepared for removal.


< End of report >


#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 07 October 2009 - 02:02 AM

Hi wildunc1,



Right now I don’t remember what it said for sure but it downloaded it and installed it.

ComboFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a valuable asset to your system. :(

In the future, is this something McAfee should have caught, because it didn’t in the first place?

Malware always outruns AV programs. We should be extremely careful even if we own so-called protection. :(

Let's do the last check for some remnants with Kas Online scanner. Please be patient and let it run the full course.


Step1
  • Close any open browsers
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
Reglock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

Posted Image

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



Step2


Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older-version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) the following Java Runtime Environment (JRE or J2SE) in the name, and the following update:

    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 10
    Java SE Runtime Environment 6 Update 1
    Java 6 Update 2
    Java 6 Update 3
    Java 6 Update 5
    Java 6 Update 7
    Java 2 Runtime Environment, SE v1.4.2_03


  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.

Step3


Let's clean some temp files. Please do the following:

Please download ATF Cleaner by Atribune.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.


If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.

NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Step4


Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  • Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  • Click Accept button on the "Requirements and limitations".
  • When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click on the "Run" button.
  • It will download and install the program and update the database.
  • When updating the database has finished, click on Settings.
  • Make sure all boxes are checked, then click on the Save button.
  • Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  • Once the scan is completed, Click on View Scan Report.
  • You may see a list of infected items over there. Click on Save Report As.
  • Click "Desktop", name the file "KAS", change the Files of type to Text file (.txt) and click on the Save button.
  • Please post the contents in your next reply.
  • You can refer to this animation
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.



Please post back the logs in your next reply.

1.ComboFix log
2.Kas Online Scan Report

Tell me how your pc is running now.

Edited by sundavis, 07 October 2009 - 02:06 AM.
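
The Step2 advice above, to remove every Java runtime older than the one being installed, can be checked against the Uninstall list in the posted log. The Python sketch below is an added example, not part of the original posts or of any tool mentioned in the thread. It parses the `"key" = name` lines and flags runtimes older than JRE 6 Update 16; the function names are assumptions of this example, and the sample excerpt is copied from the log together with two non-Java lines.

```python
import re

# Excerpt of the "HKEY_LOCAL_MACHINE Uninstall List" section of the log above,
# with two non-Java entries kept to show that they are ignored.
SAMPLE_UNINSTALL_LIST = """\
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"""

# One uninstall entry: "registry key name" = DisplayName
ENTRY_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')

# "J2SE Runtime Environment 5.0 Update 5", "Java™ SE Runtime Environment 6 Update 1",
# "Java™ 6 Update 13", "Java(TM) 6 Update 16"
MODERN_RE = re.compile(
    r'^(?:J2SE|Java(?:™|\(TM\))?)(?:\s+SE)?(?:\s+Runtime Environment)?'
    r'\s+(?P<family>\d+)(?:\.(?P<micro>\d+))?\s+Update\s+(?P<update>\d+)$'
)

# "Java 2 Runtime Environment, SE v1.4.2_03"
LEGACY_RE = re.compile(
    r'^Java 2 Runtime Environment, SE v1\.(?P<family>\d+)\.(?P<micro>\d+)'
    r'(?:_(?P<update>\d+))?$'
)


def parse_java_version(display_name):
    """Return (family, micro, update) for a Java runtime entry, else None.

    Java 5.0 Update 5 is version 1.5.0_05 and Java 6 Update 13 is 1.6.0_13,
    so both naming schemes normalise to the same comparable tuple.
    """
    for pattern in (MODERN_RE, LEGACY_RE):
        m = pattern.match(display_name)
        if m:
            return (
                int(m.group("family")),
                int(m.group("micro") or 0),
                int(m.group("update") or 0),
            )
    return None


def outdated_java(report_text, target=(6, 0, 16)):
    """List (version, key, name) for every Java runtime older than target.

    The default target is JRE 6 Update 16, the version named in the post.
    """
    findings = []
    for line in report_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue  # section headers, blank lines, anything not key = name
        version = parse_java_version(entry.group("name"))
        if version is not None and version < target:
            findings.append((version, entry.group("key"), entry.group("name")))
    return sorted(findings)


if __name__ == "__main__":
    for version, key, name in outdated_java(SAMPLE_UNINSTALL_LIST):
        print("remove: %-45s %s" % (name, key))
```

Run against the excerpt, it reports ten runtimes, the newest of them being the Java 6 Update 13 entry from the Uninstall list.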


#9 wildunc1

wildunc1
  • Topic Starter

  • Members
  • 8 posts

Posted 07 October 2009 - 06:19 PM

OK, here is what I found.

ComboFix 09-10-06.04 - Troy 10/07/2009 8:44.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.438 [GMT -7:00]
Running from: c:\documents and settings\Troy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Troy\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((( Files Created from 2009-09-07 to 2009-10-07 )))))))))))))))))))))))))))))))
.

2009-10-07 05:25 . 2009-10-07 05:25 -------- d-----w- c:\program files\Windows Installer Clean Up
2009-10-07 04:38 . 2009-10-07 04:38 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-07 04:36 . 2009-10-07 04:36 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2009-10-07 04:22 . 2009-10-07 04:22 -------- d-----w- c:\documents and settings\Troy\Local Settings\Application Data\HP
2009-10-07 04:21 . 2009-10-07 04:49 -------- d-----w- c:\documents and settings\Troy\Application Data\HPAppData
2009-10-07 04:04 . 2009-10-07 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-10-07 03:59 . 2009-10-07 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-10-07 03:59 . 2009-10-07 03:59 -------- d-----w- c:\windows\hpoj6500e709
2009-10-07 03:59 . 2009-10-07 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-10-07 03:59 . 2009-10-07 03:59 -------- d-----w- c:\documents and settings\Troy\Application Data\Office Genuine Advantage
2009-10-07 03:56 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\drivers\serscan.sys
2009-10-07 03:56 . 2001-08-17 20:53 6784 ----a-w- c:\windows\system32\dllcache\serscan.sys
2009-10-07 03:50 . 2009-10-07 03:50 -------- d-----w- c:\program files\Common Files\HP
2009-10-07 03:50 . 2009-10-07 03:50 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-10-07 03:50 . 2009-10-07 03:50 -------- d-----w- c:\program files\Hewlett-Packard
2009-10-07 03:46 . 2009-10-07 04:42 186577 ----a-w- c:\windows\hpwins23.dat
2009-10-07 03:46 . 2008-10-25 09:30 1847 ------w- c:\windows\hpwmdl23.dat
2009-10-07 03:34 . 2009-07-08 20:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-10-07 03:34 . 2009-07-08 20:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-10-07 03:34 . 2009-07-08 20:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-10-07 03:34 . 2009-07-16 19:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-10-07 03:33 . 2009-10-07 03:34 -------- d-----w- c:\program files\Common Files\McAfee
2009-10-07 03:27 . 2009-07-08 20:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-10-07 02:26 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-10-07 02:26 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-10-06 23:08 . 2009-10-06 23:08 -------- d-----w- c:\documents and settings\Troy\Application Data\Malwarebytes
2009-10-06 23:08 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-06 23:08 . 2009-10-06 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-06 23:08 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-06 23:08 . 2009-10-06 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 08:35 . 2009-10-01 17:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-28 21:05 . 2008-08-22 12:24 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-09-28 17:13 . 2007-07-09 18:13 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-09-28 17:13 . 2007-07-09 18:13 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-09-28 17:12 . 2008-08-12 17:58 118272 ----a-w- c:\windows\system32\hpf3l082.dll
2009-09-28 17:12 . 2007-07-09 18:13 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2009-09-28 17:11 . 2008-10-06 19:11 966656 ----a-r- c:\windows\system32\hpwtiop4.dll
2009-09-28 17:11 . 2007-07-09 18:13 364544 ----a-r- c:\windows\system32\hppldcoi.dll
2009-09-28 17:11 . 2007-07-09 18:13 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-09-28 17:11 . 2007-07-06 18:48 294912 ----a-r- c:\windows\system32\hpovst11.dll
2009-09-28 17:11 . 2008-10-06 19:11 741376 ----a-r- c:\windows\system32\hpwwiax5.dll
2009-09-26 03:17 . 2009-09-26 03:17 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-09-25 16:29 . 2009-09-25 16:29 -------- dc----w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-09-24 17:59 . 2009-10-07 04:05 -------- d-----w- c:\program files\HP
2009-09-24 17:59 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-09-24 17:59 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-09-23 15:27 . 2009-09-23 15:27 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-20 23:46 . 2009-09-20 23:46 50 ----a-w- c:\windows\system32\BRIDF04A.dat
2009-09-20 23:41 . 2009-09-20 23:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
2009-09-16 15:35 . 2009-09-16 15:35 -------- d-----w- c:\documents and settings\Troy\Application Data\EDrawings
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\Troy\Local Settings\Application Data\DassaultSystemes
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\Troy\Application Data\DassaultSystemes
2009-09-16 15:29 . 2009-09-16 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\DassaultSystemes
2009-09-16 15:27 . 2009-09-16 15:27 -------- d-----w- c:\program files\Common Files\SolidWorks Shared
2009-09-16 15:27 . 2009-09-16 15:27 -------- d-----w- c:\program files\Common Files\eDrawings2009
2009-09-09 21:37 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-07 14:47 . 2005-12-17 04:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-10-07 05:25 . 2009-03-11 23:20 -------- d-----w- c:\program files\MSECache
2009-10-07 04:46 . 2005-12-17 04:34 -------- d-----w- c:\program files\McAfee
2009-10-07 04:32 . 2008-03-03 05:56 -------- d-----w- c:\program files\Windows Live
2009-10-07 03:33 . 2004-09-04 04:37 -------- d-----w- c:\program files\McAfee.com
2009-10-05 18:25 . 2007-09-26 00:06 -------- d-----w- c:\documents and settings\Troy\Application Data\Azureus
2009-10-02 19:23 . 2004-09-15 00:13 -------- d-----w- c:\documents and settings\Troy\Application Data\AdobeUM
2009-09-26 22:43 . 2009-07-06 16:08 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-09-26 07:09 . 2005-05-01 04:22 -------- d-----w- c:\documents and settings\Troy\Application Data\Apple Computer
2009-09-25 17:50 . 2004-09-09 01:00 -------- d-----w- c:\documents and settings\Troy\Application Data\MSN6
2009-09-23 15:26 . 2004-09-04 04:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-21 21:54 . 2004-09-04 04:31 -------- d-----w- c:\program files\Common Files\InstallShield
2009-09-11 02:37 . 2007-07-22 06:27 -------- d-----w- c:\program files\Common Files\Apple
2009-09-10 13:46 . 2008-08-13 04:49 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-25 19:27 . 2009-08-25 19:27 -------- d-----w- c:\program files\LucasArts
2009-08-21 20:28 . 2007-02-02 04:08 -------- d-----w- c:\program files\Common Files\Remote Control Software Shared
2009-08-21 14:48 . 2004-09-04 04:40 83560 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-13 13:04 . 2009-08-11 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-13 13:04 . 2009-08-11 19:44 -------- d-----w- c:\program files\NOS
2009-08-11 19:39 . 2004-09-04 04:29 -------- d-----w- c:\program files\Java
2009-08-06 05:48 . 2009-05-02 15:33 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-05 09:01 . 2002-12-12 05:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-03 22:07 . 2009-08-03 22:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 22:07 . 2009-08-03 22:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 22:07 . 2009-08-03 22:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2009-07-26 23:44 . 2009-07-26 23:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 12:23 . 2009-01-21 05:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-17 19:01 . 2004-03-19 22:33 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-11 06:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-10 19:15 . 2009-07-10 19:15 306544 ----a-w- c:\windows\WLXPGSS.SCR
.

((((((((((((((((((((((((((((( SnapShot@2009-10-07_02.30.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-17 03:11 . 2008-10-17 03:11 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80KOR.dll
+ 2008-10-17 03:11 . 2008-10-17 03:11 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80JPN.dll
+ 2008-10-17 03:11 . 2008-10-17 03:11 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ITA.dll
+ 2008-10-17 03:11 . 2008-10-17 03:11 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80FRA.dll
+ 2008-10-17 03:11 . 2008-10-17 03:11 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ESP.dll
+ 2008-10-17 03:11 . 2008-10-17 03:11 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80ENU.dll
+ 2008-10-17 03:11 . 2008-10-17 03:11 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80DEU.dll
+ 2008-10-17 03:11 . 2008-10-17 03:11 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHT.dll
+ 2008-10-17 03:11 . 2008-10-17 03:11 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_341af80a\mfc80CHS.dll
+ 2008-10-17 02:30 . 2008-10-17 02:30 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80u.dll
+ 2008-10-17 02:30 . 2008-10-17 02:30 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfcm80.dll
+ 2008-10-16 01:49 . 2008-10-16 01:49 96256 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_6e85597b\ATL80.dll
+ 2008-10-16 01:49 . 2008-10-16 01:49 12288 c:\windows\Twunk_32.dll
+ 2008-10-16 01:49 . 2008-10-16 01:49 12288 c:\windows\Twunk_16.dll
+ 2009-10-07 04:46 . 2009-10-07 04:46 16384 c:\windows\Temp\Perflib_Perfdata_5d4.dat
+ 2008-07-18 20:13 . 2008-07-18 20:13 20992 c:\windows\SYSTEM32\hpzisn12.dll
+ 2008-07-18 20:13 . 2008-07-18 20:13 29696 c:\windows\SYSTEM32\hpzipt12.dll
+ 2008-07-18 20:13 . 2008-07-18 20:13 33792 c:\windows\SYSTEM32\HPZipr12.dll
+ 2008-07-18 20:13 . 2008-07-18 20:13 53760 c:\windows\SYSTEM32\HPZipm12.dll
+ 2008-07-18 20:13 . 2008-07-18 20:13 44032 c:\windows\SYSTEM32\HPZinw12.dll
+ 2008-07-18 20:13 . 2008-07-18 20:13 49152 c:\windows\SYSTEM32\HPZidr12.dll
+ 2008-03-05 04:44 . 2008-03-05 04:44 39936 c:\windows\SYSTEM32\hpbpro.dll
+ 2008-03-05 04:45 . 2008-03-05 04:45 25600 c:\windows\SYSTEM32\hpboid.dll
+ 2008-03-05 04:44 . 2008-03-05 04:44 24576 c:\windows\SYSTEM32\hpbmiapi.dll
+ 2009-10-07 04:34 . 2009-08-06 05:48 54752 c:\windows\SYSTEM32\DRVSTORE\fssfltr_F64381C38F211E3160A660B196A6A585F80604F9\fssfltr_tdi.sys
+ 2004-09-04 04:18 . 2009-10-07 14:46 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
- 2004-09-04 04:18 . 2009-10-06 23:22 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\History\History.IE5\INDEX.DAT
+ 2009-10-07 03:41 . 2009-10-07 14:46 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2004-09-04 04:18 . 2009-10-06 23:22 32768 c:\windows\SYSTEM32\CONFIG\systemprofile\Cookies\INDEX.DAT
+ 2009-10-07 03:49 . 2009-10-07 03:49 66048 c:\windows\Installer\1fa778.msi
+ 2009-10-07 04:31 . 2009-10-07 04:31 22016 c:\windows\Installer\196f7.msi
+ 2009-10-07 04:30 . 2009-10-07 04:30 27136 c:\windows\Installer\196c8.msi
+ 2009-10-07 04:02 . 2009-10-07 04:02 65536 c:\windows\Installer\{C29C1940-CB85-4F3B-906C-33FEE0E67103}\SCut_C29C1940CB854F3B906C33FEE0E67103.exe
+ 2009-10-07 04:02 . 2009-10-07 04:02 65536 c:\windows\Installer\{C29C1940-CB85-4F3B-906C-33FEE0E67103}\DTCut_C29C1940CB854F3B906C33FEE0E67103.exe
+ 2009-10-07 04:30 . 2009-10-07 04:30 80395 c:\windows\Installer\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}\MsblIco.Exe
+ 2009-10-07 04:38 . 2009-10-07 04:38 29316 c:\windows\Installer\{95120000-0122-0409-0000-0000000FF1CE}\olc_setup.exe
+ 2009-10-07 04:03 . 2009-10-07 04:03 25214 c:\windows\Installer\{6EED4269-588D-45b8-A80C-26A9CA62EE4E}\NewShortcut11.E6275AC6_5F4F_4F0B_987B_C7E51AB63AA0.exe
+ 2009-10-07 04:03 . 2009-10-07 04:03 25214 c:\windows\Installer\{6EED4269-588D-45b8-A80C-26A9CA62EE4E}\NewShortcut1.E6275AC6_5F4F_4F0B_987B_C7E51AB63AA0.exe
+ 2009-10-07 04:32 . 2009-10-07 04:32 58945 c:\windows\Installer\{6412CECE-8172-4BE5-935B-6CECACD2CA87}\wlmail.exe
+ 2009-10-07 04:05 . 2009-10-07 04:05 65536 c:\windows\Installer\{4D304678-738E-42a0-931A-2B022F49DEB8}\NewShortcut1.A6CC6977_F7B4_4C0B_9510_BCD847D4BDB2.exe
+ 2009-10-07 03:59 . 2007-12-10 16:30 65536 c:\windows\hpoj6500e709\scrub2k.exe
+ 2009-10-07 14:51 . 2009-10-07 14:51 47616 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\931576d67bc4f7d5ef5d3f9ce6e5173c\WindowsLiveWriter.ni.exe
+ 2009-10-07 14:51 . 2009-10-07 14:51 99840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\534cd402cf22bebe59ec2b87928f2fab\WindowsLive.Writer.Api.ni.dll
+ 2008-10-17 03:12 . 2008-10-17 03:12 3072 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dm_fx_ini.dll
+ 2008-10-17 03:12 . 2008-10-17 03:12 3072 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dm_fx_gpd.dll
+ 2008-10-17 03:12 . 2008-10-17 03:12 3072 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dm_fx_drvr32.dll
+ 2008-03-05 04:44 . 2008-03-05 04:44 7680 c:\windows\SYSTEM32\hpbprops.dll
+ 2008-03-05 04:45 . 2008-03-05 04:45 7680 c:\windows\SYSTEM32\hpboidps.dll
+ 2008-10-17 02:30 . 2008-10-17 02:30 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcr80.dll
+ 2008-10-17 02:30 . 2008-10-17 02:30 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcp80.dll
+ 2008-10-17 02:30 . 2008-10-17 02:30 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_0de56c07\msvcm80.dll
+ 2009-10-07 03:57 . 2007-03-09 17:03 761344 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\UNIRES.DLL
+ 2009-10-07 03:57 . 2007-03-09 17:03 740864 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\UNIDRVUI.DLL
+ 2009-10-07 03:57 . 2007-03-09 17:03 372736 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\UNIDRV.DLL
+ 2009-10-07 03:57 . 2008-08-12 17:56 607744 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\hpwj65n3.dll
+ 2009-10-07 03:57 . 2008-08-12 17:55 199680 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\hpfvu082.dll
+ 2009-10-07 03:57 . 2007-06-29 18:56 113664 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\hpfrs082.dll
+ 2009-10-07 03:57 . 2008-08-12 17:58 305664 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\hpfpr082.dll
+ 2009-10-07 03:57 . 2008-08-12 17:58 469504 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\hpfpa082.dll
+ 2009-10-07 03:57 . 2007-06-29 18:55 326144 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\hpfie082.dll
+ 2009-10-07 03:57 . 2008-08-12 17:58 524288 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\hpfev082.dll
+ 2009-10-07 03:57 . 2008-02-06 17:34 671816 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\HPCDMC32.dll
+ 2009-10-07 04:18 . 2008-03-13 04:52 761344 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\hp_officejet_6500_e709n_series_fax\unires.dll
+ 2009-10-07 04:18 . 2008-07-06 12:06 744960 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\hp_officejet_6500_e709n_series_fax\unidrvui.dll
+ 2009-10-07 04:18 . 2008-07-06 12:06 373248 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\hp_officejet_6500_e709n_series_fax\unidrv.dll
+ 2009-10-07 04:18 . 2008-10-17 03:12 155648 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\hp_officejet_6500_e709n_series_fax\hpaiounifax.dll
+ 2008-10-17 03:12 . 2008-10-17 03:12 155648 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpaiounifax.dll
+ 2004-09-04 04:19 . 2009-10-07 04:52 515768 c:\windows\SYSTEM32\PERFH009.DAT
- 2004-09-04 04:19 . 2009-06-16 03:09 515768 c:\windows\SYSTEM32\PERFH009.DAT
- 2004-09-04 04:19 . 2009-06-16 03:09 100692 c:\windows\SYSTEM32\PERFC009.DAT
+ 2004-09-04 04:19 . 2009-10-07 04:52 100692 c:\windows\SYSTEM32\PERFC009.DAT
+ 2008-10-17 02:29 . 2008-10-17 02:29 218496 c:\windows\SYSTEM32\Macromed\Flash\FlashUtil9f.exe
+ 2007-04-24 17:33 . 2007-04-24 17:33 114688 c:\windows\SYSTEM32\hplbdchn.dll
+ 2009-07-08 20:44 . 2009-07-08 20:44 214024 c:\windows\SYSTEM32\DRIVERS\mfehidk.sys
- 2004-09-04 04:18 . 2009-10-06 23:22 294912 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2004-09-04 04:18 . 2009-10-07 14:46 294912 c:\windows\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT
+ 2009-10-07 05:25 . 2009-10-07 05:25 472064 c:\windows\Installer\2444dc.msi
+ 2009-10-07 04:06 . 2009-10-07 04:06 603136 c:\windows\Installer\1fa805.msi
+ 2009-10-07 04:06 . 2009-10-07 04:06 641024 c:\windows\Installer\1fa7f9.msi
+ 2009-10-07 04:06 . 2009-10-07 04:06 444416 c:\windows\Installer\1fa7f2.msi
+ 2009-10-07 04:05 . 2009-10-07 04:05 616960 c:\windows\Installer\1fa7ed.msi
+ 2009-10-07 04:05 . 2009-10-07 04:05 550912 c:\windows\Installer\1fa7e8.msi
+ 2009-10-07 04:05 . 2009-10-07 04:05 713728 c:\windows\Installer\1fa7e1.msi
+ 2009-10-07 04:04 . 2009-10-07 04:04 663040 c:\windows\Installer\1fa7d6.msi
+ 2009-10-07 04:04 . 2009-10-07 04:04 582656 c:\windows\Installer\1fa7d1.msi
+ 2009-10-07 04:04 . 2009-10-07 04:04 711168 c:\windows\Installer\1fa7cc.msi
+ 2009-10-07 04:03 . 2009-10-07 04:03 373248 c:\windows\Installer\1fa7c3.msi
+ 2009-10-07 04:03 . 2009-10-07 04:03 344576 c:\windows\Installer\1fa7be.msi
+ 2009-10-07 04:02 . 2009-10-07 04:02 534016 c:\windows\Installer\1fa7b9.msi
+ 2009-10-07 04:01 . 2009-10-07 04:01 596480 c:\windows\Installer\1fa7b3.msi
+ 2009-10-07 04:01 . 2009-10-07 04:01 306688 c:\windows\Installer\1fa7ae.msi
+ 2009-10-07 04:01 . 2009-10-07 04:01 433664 c:\windows\Installer\1fa7a9.msi
+ 2009-10-07 04:00 . 2009-10-07 04:00 501760 c:\windows\Installer\1fa7a0.msi
+ 2009-10-07 04:00 . 2009-10-07 04:00 326144 c:\windows\Installer\1fa79b.msi
+ 2009-10-07 04:00 . 2009-10-07 04:00 519680 c:\windows\Installer\1fa796.msi
+ 2009-10-07 04:00 . 2009-10-07 04:00 310272 c:\windows\Installer\1fa791.msi
+ 2009-10-07 04:00 . 2009-10-07 04:00 943104 c:\windows\Installer\1fa78c.msi
+ 2009-10-07 03:59 . 2009-10-07 03:59 303616 c:\windows\Installer\1fa787.msi
+ 2009-10-07 03:50 . 2009-10-07 03:50 855040 c:\windows\Installer\1fa782.msi
+ 2009-10-07 03:49 . 2009-10-07 03:49 384000 c:\windows\Installer\1fa77d.msi
+ 2009-10-07 02:57 . 2009-10-07 02:57 119296 c:\windows\Installer\1a0332.msi
+ 2009-10-07 04:38 . 2009-10-07 04:38 517120 c:\windows\Installer\197c3.msi
+ 2009-10-07 04:35 . 2009-10-07 04:35 969728 c:\windows\Installer\197ae.msi
+ 2009-10-07 04:34 . 2009-10-07 04:34 569344 c:\windows\Installer\1979c.msi
+ 2009-10-07 04:33 . 2009-10-07 04:33 778752 c:\windows\Installer\1976a.msi
+ 2009-10-07 04:32 . 2009-10-07 04:32 463872 c:\windows\Installer\1972e.msi
+ 2009-10-07 04:32 . 2009-10-07 04:32 735744 c:\windows\Installer\1971f.msi
+ 2009-10-07 04:30 . 2009-10-07 04:30 430080 c:\windows\Installer\196f0.msi
+ 2009-10-07 04:30 . 2009-10-07 04:30 155648 c:\windows\Installer\196d4.msi
+ 2009-10-07 04:25 . 2009-10-07 04:25 480768 c:\windows\Installer\196bf.msi
+ 2009-10-07 04:25 . 2009-10-07 04:25 336384 c:\windows\Installer\196b9.msi
+ 2009-10-07 04:18 . 2009-10-07 04:18 642048 c:\windows\Installer\196b1.msi
+ 2009-10-07 04:33 . 2009-10-07 04:33 132096 c:\windows\Installer\{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}\WLXPhotoGalleryIcon.exe
+ 2009-10-07 04:05 . 2009-10-07 04:05 689456 c:\windows\Installer\{7059BDA7-E1DB-442C-B7A1-6144596720A4}\HPSUShortcut_BB85ED9CAFC943BDB8DC258C3C7DF72E.exe
+ 2009-10-07 14:51 . 2009-10-07 14:51 633856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\5f8809146507a8956047b7980cb049c1\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 428032 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fad42c0c7c2c60c7d371ca356d027433\WindowsLive.Writer.Localization.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 117760 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\fa4fc31a45a276040fe60fe9b2370e05\WindowsLive.Writer.Instrumentation.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 322048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\f6b33dc9e92ddb49069262e3b1dc31c0\WindowsLive.Writer.SpellChecker.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 119296 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\eed6e22ab93b2370b6a9b70204b42e6c\WindowsLive.Writer.FileDestinations.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 851968 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e195165c4e7c44d5f404709a8f8d5758\WindowsLive.Writer.BlogClient.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bb8e348a5c9b28a622b6d3c37661d8e6\WindowsLive.Writer.Mshtml.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 108544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\8335570e4770bcef587c21a55cc3dd39\WindowsLive.Writer.Passport.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 843776 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\82c122c2491be216031b6ddcd8f84c64\WindowsLive.Writer.Controls.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 118784 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7d2fc985641178605ba9debdfe146e59\WindowsLive.Writer.Extensibility.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 594944 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\74f0d8ed64db5dadd0ffd8f1b1b02c33\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 334848 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\6cf11694fdc6cb7a79ddd28faded7a2c\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\681ad822aa7295018c1b9f96ad372ee0\WindowsLive.Writer.Interop.SHDocVw.ni.dll
- 2009-05-02 16:35 . 2009-05-02 16:35 313856 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\681ad822aa7295018c1b9f96ad372ee0\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 319488 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\655369517d0a6237ceacdfe25daa02b4\WindowsLive.Writer.Interop.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 152064 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\56305a199f4f12e8c9b3123b192944fb\WindowsLive.Writer.HtmlParser.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 174080 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3c2e32b33e55538a330d714500e9275e\WindowsLive.Writer.BrowserControl.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 145920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\01847dc3c3aa981649e7a59e2d53e474\WindowsLive.Client.ni.dll
+ 2008-10-17 02:30 . 2008-10-17 02:30 1079808 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80u.dll
+ 2008-10-17 02:30 . 2008-10-17 02:30 1093632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.91_x-ww_decbdf0c\mfc80.dll
+ 2009-10-07 03:57 . 2008-08-12 17:56 1719808 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\hpfui082.dll
+ 2009-10-07 03:57 . 2008-08-12 17:19 6301184 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\hpfst082.dll
+ 2009-10-07 03:57 . 2008-08-12 17:57 1414656 c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\officejet_6500_e709n_hpslp_ip_print\hpf3r082.dll
+ 2008-10-16 01:49 . 2008-10-16 01:49 1645320 c:\windows\SYSTEM32\gdiplus.dll
+ 2009-10-07 04:05 . 2009-10-07 04:05 1888768 c:\windows\Installer\1fa7dc.msi
+ 2009-10-07 14:51 . 2009-10-07 14:51 2002432 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e79feaf99eadddc64c6612cefdb8d9e2\WindowsLive.Writer.CoreServices.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 1105920 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\951375335aae58a5e5fd61e39414582b\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2009-10-07 14:51 . 2009-10-07 14:51 6392832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3b0b01354b3735e2165f4234b601692d\WindowsLive.Writer.PostEditor.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-07 67128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-03-04 606208]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-27 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-02 1392640]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2006-05-22 694272]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-07-07 53248]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-04 50688]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-09-04 151597]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BCMSMMSG"="BCMSMMSG.exe" - c:\windows\BCMSMMSG.exe [2003-08-29 122880]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\SYSTEM32\narrator.exe [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-06-12 17:59 10536 ----a-w- c:\program files\Citrix\GoToAssist\516\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlackBerry Desktop Redirector.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlackBerry Desktop Redirector.lnk
backup=c:\windows\pss\BlackBerry Desktop Redirector.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Desktop Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Desktop Search.lnk
backup=c:\windows\pss\Windows Desktop Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Troy^Start Menu^Programs^Startup^fmnupd32.exe]
path=c:\documents and settings\Troy\Start Menu\Programs\Startup\fmnupd32.exe
backup=c:\windows\pss\fmnupd32.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Troy^Start Menu^Programs^Startup^zqosys32.exe]
path=c:\documents and settings\Troy\Start Menu\Programs\Startup\zqosys32.exe
backup=c:\windows\pss\zqosys32.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"d:\\setup\\hpznui01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R2 fssfltr;FssFltr;c:\windows\SYSTEM32\DRIVERS\fssfltr_tdi.sys [5/2/2009 8:33 AM 54752]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [10/6/2009 8:37 PM 203280]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 CoachVid;CoachVid;c:\windows\SYSTEM32\DRIVERS\CoachVid.sys [1/7/2008 5:29 PM 45344]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\SYSTEM32\DRIVERS\motccgp.sys [2/18/2009 12:38 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\SYSTEM32\DRIVERS\motccgpfl.sys [2/18/2009 12:38 AM 8320]
S3 MotDev;Motorola Inc. USB Device;c:\windows\SYSTEM32\DRIVERS\motodrv.sys [2/18/2009 12:38 AM 42112]
S3 motport;Motorola USB Diagnostic Port;c:\windows\SYSTEM32\DRIVERS\motport.sys [4/13/2008 8:40 PM 23680]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IPOD_SERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34]

2009-10-07 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-07 04:26]

2009-10-07 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-07 04:26]

2009-10-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2009-10-07 c:\windows\Tasks\User_Feed_Synchronization-{1F21D622-B3CF-4E3F-B8E2-89F0887D5DA1}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: turbotax.com
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file://d:\components\Liquid.ocx
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-07 08:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(904)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToAssist\516\G2AWinLogon.dll

- - - - - - - > 'explorer.exe'(5904)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-07 9:06
ComboFix-quarantined-files.txt 2009-10-07 16:05

Pre-Run: 4,323,880,960 bytes free
Post-Run: 4,358,352,896 bytes free

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
420 --- E O F --- 2009-09-26 19:18


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Wednesday, October 7, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 07, 2009 18:17:13
Records in database: 2929542
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
Z:\

Scan statistics:
Objects scanned: 307741
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 05:32:33


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\_jhq2deb_.sys.zip Infected: Rootkit.Win32.Agent.loi 1

Selected area has been scanned.




#10 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 07 October 2009 - 06:35 PM

Hi wildunc1,



As for the one infected object listed in the Kaspersky report, Qoobox is ComboFix's quarantine folder, which can be safely removed, and we will take care of that now.

Other than that, your logs appear clean now. :( If you have no remaining concerns about your PC, let's do some tidying up and we can send you on your way.


Step 1

Click START then RUN
Now copy/paste Combofix /u in the runbox and click OK.
Note the space between the X and the U, it needs to be there.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.


Step 2

Start OTL from your desktop.
  • Double click OTL and let it run
  • Then Click the Cleanup button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  • Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check


  • Update all these programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information here on how to prevent malware.


Glad to be of help. Safe surfing!!

#11 wildunc1

  • Topic Starter

  • Members
  • 8 posts

Posted 07 October 2009 - 07:56 PM

Thanks again for your help. I did not think this computer would ever be the same. So using my old McAfee program, as long as I keep it updated, is the thing to do? I'll read all the sites you recommended. In your opinion, what is the best virus program to use, so I can get it for my next computer? Thanks again.

#12 sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:39 PM

Posted 07 October 2009 - 08:31 PM

Hi wildunc1,



McAfee seemed to be quite intrusive and a resource hog when it comes to removing malware helpers. AntiVir seems to be a light one and a good detector as well.

Regularly backing up important data and updating your virus definitions seem to safeguard your security while the new critters prevail day after day....

Glad we could help. Take care. :(

#13 sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:06:39 PM

Posted 09 October 2009 - 11:07 AM

Since this issue appears resolved ... this Topic is closed.

Glad we could help.

Everyone else please begin a New Topic.



