
Anti-Virus Soft Redirects Web Searches


  • This topic is locked
16 replies to this topic

#1 Ardente

  • Members
  • 10 posts

Posted 02 March 2010 - 12:39 AM

Hello, and thank you for the excellent site. I recently had an encounter with the Anti-Virus Soft virus. When I first discovered I had been infected it was the type that effectively locked down the entire computer and prevented use until purchase of the software. I was able to stop this component of the virus using the guide listed on your site, but am finding that it was unsuccessful in completely removing the infection. I will still occasionally have my web searches redirected to random blank web pages which are obviously nothing but junk sites intended to re-infect my computer. Further, I have had the virus attempt to re-install itself, with the Anti-Virus Soft pop-up window appearing on my desktop after having closed the internet. I switched over to Mozilla Firefox and started running NoScript specifically to block the pages the virus attempts to open, and that appears to at least prevent the virus from opening the pop-up window; however, the internet search redirects still persist. I have tried both Malwarebytes and Ad-Aware scans to fix the problem and neither seems to completely repair my computer. Any help you can provide would be most welcome at this point, thanks in advance!


DDS (Ver_09-12-01.01) - NTFSx86
Run by LES WELCH at 3:14:08.53 on Mon 03/01/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2300 [GMT -8:00]

AV: PC-cillin Internet Security - Virus Protection *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: PC-cillin Internet Security - Spyware Protection *enabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: PC-cillin Internet Security - Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
C:\Program Files\Electronic Arts\EADM\EACoreServer.exe
C:\Program Files\Electronic Arts\EADM\EADownloadManager\EADownloadManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\LES WELCH\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080122
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyServer = proxy-server.san.rr.com:8080
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [DellAutomatedPCTuneUp] "c:\program files\dellautomatedpctuneup\PTAgnt.exe" /startup
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Aim6] "c:\program files\aim6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Start WingMan Profiler]
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [pccguide.exe] "c:\program files\trend micro\internet security 14\pccguide.exe"
mRun: [NMSSupport] "c:\program files\common files\intel\inteldh\nms\support\IntelHCTAgent.exe" /startup
mRun: [CCUTRAYICON] "c:\program files\intel\inteldh\intel media server\tools\IntelDHFMSetLoginStatus.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NoteBurner] c:\program files\noteburner\VTBurnerGUI.exe /silence
mRun: [TuneClone] c:\program files\tuneclone\TuneClone.exe /silence
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
StartupFolder: c:\users\leswel~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\programs\partygaming\partypoker\RunApp.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_03\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: callutheran.edu\apple
Trusted Zone: callutheran.edu\bblearn
Trusted Zone: turbotax.com
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\leswel~1\appdata\roaming\mozilla\firefox\profiles\1wm3t0bd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080122
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-02-27 02:58:28 632451190 ----a-w- c:\windows\MEMORY.DMP
2010-02-26 12:45:41 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-02-26 12:02:34 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-26 12:02:32 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-26 12:01:25 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-26 12:01:05 0 d-----w- c:\program files\Lavasoft
2010-02-20 21:57:18 0 ----a-w- c:\windows\system32\18467.exe
2010-02-15 10:01:29 0 d-----w- c:\users\leswel~1\appdata\roaming\Malwarebytes
2010-02-15 10:01:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 10:01:25 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-15 10:01:25 0 d-----w- c:\programdata\Malwarebytes
2010-02-15 10:01:25 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-15 05:29:32 0 d-----w- c:\users\leswel~1\appdata\roaming\Mount&Blade
2010-02-10 12:41:57 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 12:41:56 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 12:41:30 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 12:41:29 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 12:40:53 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 12:40:51 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 12:40:04 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 12:40:03 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 12:40:03 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 12:40:03 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 12:40:03 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 12:40:03 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 12:40:03 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 12:40:03 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 12:40:03 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 12:39:39 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 12:39:38 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-06 10:25:47 25 ----a-w- c:\windows\popcinfot.dat

==================== Find3M ====================

2010-02-28 06:17:39 32251 ----a-w- c:\programdata\nvModes.dat
2010-02-06 05:19:32 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-01-25 12:00:35 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00:35 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00:35 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00:22 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58:52 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21:20 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21:20 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21:18 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21:18 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 15:06:27 86016 ----a-w- c:\windows\inf\infpub.dat
2010-01-23 15:06:27 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-01-23 15:06:18 143360 ----a-w- c:\windows\inf\infstor.dat
2010-01-23 09:26:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-06 15:39:38 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38:47 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 13:30:41 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-12 11:06:47 36043 ----a-w- c:\windows\DIIUnin.dat
2009-12-12 10:52:50 94208 ----a-w- c:\windows\DIIUnin.exe
2009-12-12 10:52:50 2829 ----a-w- c:\windows\DIIUnin.pif
2009-11-12 23:06:30 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-10-05 09:15:33 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-10-14 14:30:55 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-11-24 02:27:28 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-01-22 18:58:33 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 3:19:25.08 ===============



#2 Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 02 March 2010 - 08:25 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT




  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.



=============



The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for the following boxes. Please uncheck these boxes.
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive, which is typically C:\
    • Show All (This is important, so do not miss it.)
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.


If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 Ardente
  • Topic Starter

  • Members
  • 10 posts

Posted 02 March 2010 - 11:21 PM

Hey Sam, I'm having problems getting GMER to successfully scan my computer. GMER will start and run fine, but will randomly crash the computer to a black screen with no given error message, then prompt how I wish to reboot Windows (safe mode, safe mode with networking, etc.). The crash does not appear to happen at any specific point, as I have observed this behavior 4 times in 4 different locations on the hard drive. I will attempt the scan in safe mode and will attempt one more time during normal operation while I await your next reply. In the meantime, I have managed to get the logs from OTL and will post them up.

Edit: PC-cillin updated and promptly picked up 2 viruses shortly after posting this message; they were called JWD.exe and JWC.exe, and these were deleted from the computer. Further, 3 transparent (I believe that indicates hidden) files have appeared on my desktop entitled 'desktop.ini', 'desktop.ini' and 'thumbs.db'. Finally, an attempt to run GMER in safe mode has also resulted in a crash; will await further instructions at this point.


OTL logfile created on: 3/2/2010 7:09:23 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\LES WELCH\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 107.07 Gb Free Space | 37.83% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.68 Gb Free Space | 31.19% Space Free | Partition Type: NTFS
Drive E: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME_1
Current User Name: LES WELCH
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/02 18:57:54 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\LES WELCH\Desktop\OTL.exe
PRC - [2010/01/15 19:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/10/31 11:22:38 | 000,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/19 15:17:14 | 001,475,936 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe
PRC - [2008/01/22 03:47:26 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/01/22 03:19:44 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/01/18 23:33:40 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2008/01/18 23:33:15 | 000,095,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mobsync.exe
PRC - [2007/11/09 02:19:18 | 000,345,696 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe
PRC - [2007/10/11 07:49:50 | 000,465,136 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
PRC - [2007/10/08 13:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/09/12 00:40:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/12 00:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/10 22:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/23 13:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007/06/27 08:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/27 07:14:52 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
PRC - [2006/11/21 13:02:24 | 001,807,960 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
PRC - [2006/11/09 15:04:02 | 000,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe
PRC - [2006/11/09 15:03:42 | 000,923,216 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe
PRC - [2006/11/03 16:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/03/02 18:57:54 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\LES WELCH\Desktop\OTL.exe
MOD - [2009/04/10 22:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/26 04:02:21 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/12/10 13:30:32 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/12/12 10:25:32 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/19 15:17:14 | 001,475,936 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2008/01/22 03:50:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/22 03:19:44 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/09 02:19:18 | 000,345,696 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)
SRV - [2007/10/11 07:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/09/12 00:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/10 22:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/07/11 07:33:28 | 000,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/06/27 08:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/06/27 08:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/06/27 08:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/06/27 08:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/06/27 08:15:40 | 000,036,056 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2007/06/27 08:15:28 | 000,039,640 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/06/27 08:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/06/27 08:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/06/27 08:13:56 | 000,268,504 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/05/31 07:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 07:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/12 09:46:34 | 000,208,896 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/09 15:04:02 | 000,566,872 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)
SRV - [2006/11/09 15:03:42 | 000,923,216 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)
SRV - [2006/11/02 04:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=0080122
IE - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001\S-1-5-21-2737654320-1527788783-2857801905-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001\S-1-5-21-2737654320-1527788783-2857801905-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy-server.san.rr.com:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080122"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.47
FF - prefs.js..network.proxy.ftp: "proxy-server.san.rr.com"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy-server.san.rr.com"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy-server.san.rr.com"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy-server.san.rr.com"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy-server.san.rr.com"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/26 01:34:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/26 03:47:54 | 000,000,000 | ---D | M]

[2010/02/26 01:34:36 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Mozilla\Extensions
[2010/03/02 19:05:17 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Mozilla\Firefox\Profiles\1wm3t0bd.default\extensions
[2010/02/26 01:39:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LES WELCH\AppData\Roaming\Mozilla\Firefox\Profiles\1wm3t0bd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/26 01:44:20 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\LES WELCH\AppData\Roaming\Mozilla\Firefox\Profiles\1wm3t0bd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/26 01:34:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHFMSetLoginStatus.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe File not found
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001..\Run: [Start WingMan Profiler] File not found
O4 - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\LES WELCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001\..Trusted Domains: callutheran.edu ([apple] https in Trusted sites)
O15 - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001\..Trusted Domains: callutheran.edu ([bblearn] https in Trusted sites)
O15 - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-2737654320-1527788783-2857801905-1001\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\LES WELCH\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\LES WELCH\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/16 02:51:33 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/21 11:58:35 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{c9598074-852f-11dd-b6ac-001d09282113}\Shell - "" = AutoRun
O33 - MountPoints2\{c9598074-852f-11dd-b6ac-001d09282113}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/10/05 01:07:19 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/02 18:57:56 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Users\LES WELCH\Desktop\OTL.exe
[2010/02/27 05:39:32 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\LES WELCH\Desktop\LES WELCH.exe
[2010/02/27 05:39:31 | 000,000,000 | ---D | C] -- C:\rsit
[2010/02/26 04:02:34 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010/02/26 04:02:32 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/02/26 04:01:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/26 04:01:05 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/26 03:58:06 | 097,364,760 | ---- | C] (Lavasoft ) -- C:\Users\LES WELCH\Desktop\Ad-AwareInstaller.exe
[2010/02/26 01:34:17 | 000,000,000 | ---D | C] -- C:\Users\LES WELCH\AppData\Local\Mozilla
[2010/02/26 01:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/26 01:30:53 | 008,327,264 | ---- | C] (Mozilla) -- C:\Users\LES WELCH\Desktop\Firefox Setup 3.6.exe
[2010/02/26 00:07:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\LES WELCH\Desktop\iexplore.exe
[2010/02/26 00:04:47 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\LES WELCH\Desktop\HijackThis.exe
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/02 19:08:43 | 058,720,256 | -HS- | M] () -- C:\Users\LES WELCH\ntuser.dat
[2010/03/02 19:00:11 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/02 19:00:11 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/02 18:59:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/02 18:57:54 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\LES WELCH\Desktop\OTL.exe
[2010/03/02 00:59:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/01 23:38:29 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/01 23:36:33 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/01 23:36:33 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/01 23:36:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/01 23:36:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/01 21:42:34 | 000,524,288 | -HS- | M] () -- C:\Users\LES WELCH\ntuser.dat{2fb7a516-933c-11dd-a92e-001d09282113}.TMContainer00000000000000000001.regtrans-ms
[2010/03/01 21:42:34 | 000,065,536 | -HS- | M] () -- C:\Users\LES WELCH\ntuser.dat{2fb7a516-933c-11dd-a92e-001d09282113}.TM.blf
[2010/03/01 21:42:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/01 21:42:09 | 003,049,724 | -H-- | M] () -- C:\Users\LES WELCH\AppData\Local\IconCache.db
[2010/03/01 21:26:34 | 257,876,086 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/01 19:04:30 | 004,194,872 | ---- | M] () -- C:\Users\LES WELCH\Desktop\awesome.zip
[2010/03/01 05:26:54 | 000,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/01 05:26:54 | 000,603,774 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/01 05:26:54 | 000,104,834 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/01 03:16:06 | 000,284,915 | ---- | M] () -- C:\Users\LES WELCH\Desktop\gmer.zip
[2010/03/01 03:13:11 | 000,524,288 | ---- | M] () -- C:\Users\LES WELCH\Desktop\dds.scr
[2010/02/28 16:53:51 | 000,021,139 | ---- | M] () -- C:\Users\LES WELCH\Desktop\Homework 2.xlsx
[2010/02/28 15:59:46 | 000,431,596 | ---- | M] () -- C:\Users\LES WELCH\Desktop\cost-acc8(2).pdf
[2010/02/28 15:58:53 | 000,431,596 | ---- | M] () -- C:\Users\LES WELCH\Desktop\cost-acc8.pdf
[2010/02/27 05:39:06 | 000,781,909 | ---- | M] () -- C:\Users\LES WELCH\Desktop\RSIT.exe
[2010/02/26 04:02:31 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/02/26 04:02:30 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010/02/26 04:01:23 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/02/26 03:59:17 | 097,364,760 | ---- | M] (Lavasoft ) -- C:\Users\LES WELCH\Desktop\Ad-AwareInstaller.exe
[2010/02/26 03:34:53 | 000,192,700 | ---- | M] () -- C:\Users\LES WELCH\Desktop\Remove Fake Antivirus.exe
[2010/02/26 01:37:16 | 000,465,693 | ---- | M] () -- C:\Users\LES WELCH\Desktop\noscript-1.9.9.47.xpi
[2010/02/26 01:34:19 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/02/26 01:34:14 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/26 01:30:58 | 008,327,264 | ---- | M] (Mozilla) -- C:\Users\LES WELCH\Desktop\Firefox Setup 3.6.exe
[2010/02/26 00:07:15 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\LES WELCH\Desktop\iexplore.exe
[2010/02/26 00:04:47 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\LES WELCH\Desktop\LES WELCH.exe
[2010/02/26 00:04:47 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\LES WELCH\Desktop\HijackThis.exe
[2010/02/25 18:40:41 | 000,368,340 | ---- | M] () -- C:\Users\LES WELCH\Desktop\oskaronedesigns_Balmainss09sandals.rar
[2010/02/23 19:04:14 | 000,078,984 | ---- | M] () -- C:\Users\LES WELCH\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/23 19:02:10 | 000,323,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/22 14:24:09 | 000,017,901 | ---- | M] () -- C:\Users\LES WELCH\Documents\SC_Word_2a_MichelleWelch_2.docx
[2010/02/20 15:50:30 | 000,001,356 | ---- | M] () -- C:\Users\LES WELCH\AppData\Local\d3d9caps.dat
[2010/02/20 13:57:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\18467.exe
[2010/02/16 22:41:00 | 000,002,627 | ---- | M] () -- C:\Users\LES WELCH\Desktop\Microsoft Office Word 2007.lnk
[5 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/01 23:38:29 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/01 19:04:32 | 004,194,872 | ---- | C] () -- C:\Users\LES WELCH\Desktop\awesome.zip
[2010/03/01 03:17:01 | 000,293,376 | ---- | C] () -- C:\Users\LES WELCH\Desktop\gmer.exe
[2010/03/01 03:16:09 | 000,284,915 | ---- | C] () -- C:\Users\LES WELCH\Desktop\gmer.zip
[2010/03/01 03:13:12 | 000,524,288 | ---- | C] () -- C:\Users\LES WELCH\Desktop\dds.scr
[2010/02/28 15:59:46 | 000,431,596 | ---- | C] () -- C:\Users\LES WELCH\Desktop\cost-acc8(2).pdf
[2010/02/28 15:58:56 | 000,431,596 | ---- | C] () -- C:\Users\LES WELCH\Desktop\cost-acc8.pdf
[2010/02/27 18:20:04 | 000,021,139 | ---- | C] () -- C:\Users\LES WELCH\Desktop\Homework 2.xlsx
[2010/02/27 05:39:05 | 000,781,909 | ---- | C] () -- C:\Users\LES WELCH\Desktop\RSIT.exe
[2010/02/26 18:58:28 | 257,876,086 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/02/26 04:45:41 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010/02/26 04:01:23 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010/02/26 03:34:56 | 000,192,700 | ---- | C] () -- C:\Users\LES WELCH\Desktop\Remove Fake Antivirus.exe
[2010/02/26 01:37:14 | 000,465,693 | ---- | C] () -- C:\Users\LES WELCH\Desktop\noscript-1.9.9.47.xpi
[2010/02/26 01:34:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/26 01:34:14 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/25 18:40:40 | 000,368,340 | ---- | C] () -- C:\Users\LES WELCH\Desktop\oskaronedesigns_Balmainss09sandals.rar
[2010/02/22 13:22:16 | 000,017,901 | ---- | C] () -- C:\Users\LES WELCH\Documents\SC_Word_2a_MichelleWelch_2.docx
[2010/02/20 13:57:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\18467.exe
[2010/01/23 15:14:33 | 000,032,251 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/01/23 07:09:24 | 000,032,251 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/10 23:55:58 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/10/21 00:05:34 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2009/10/21 00:05:34 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2009/09/17 19:41:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/07/14 08:59:33 | 000,017,089 | ---- | C] () -- C:\Users\LES WELCH\AppData\Roaming\UserTile.png
[2008/06/30 00:18:29 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/06/30 00:18:29 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/06/30 00:18:29 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/05/14 21:05:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/03/20 01:02:03 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2008/02/27 03:11:29 | 000,000,097 | ---- | C] () -- C:\Users\LES WELCH\AppData\Local\fusioncache.dat
[2008/01/30 12:52:23 | 000,001,356 | ---- | C] () -- C:\Users\LES WELCH\AppData\Local\d3d9caps.dat
[2008/01/22 03:20:19 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008/01/22 03:20:17 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/01/22 03:20:17 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/01/01 19:16:18 | 000,058,368 | ---- | C] () -- C:\Users\LES WELCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 08:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2008/01/28 12:06:23 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\acccore
[2009/08/26 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Bioshock
[2009/09/12 03:18:48 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Braid
[2010/01/10 11:49:50 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Electronic Arts
[2009/12/24 20:13:28 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Games
[2008/02/02 19:07:04 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Leadertech
[2009/12/23 00:31:02 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\LucasArts
[2010/02/14 21:59:38 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Mount&Blade
[2008/09/27 21:13:16 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\My Games
[2009/11/11 04:56:09 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\runic games
[2009/04/19 22:37:28 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Slam Dunk Studios, LLC
[2009/06/13 04:11:21 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Smart Mod Manager
[2008/02/27 03:11:35 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Turbine
[2010/03/01 23:38:29 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/03/01 21:42:13 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/04/11 07:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008/01/22 10:50:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/22 10:50:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2008/01/22 10:50:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2008/01/22 10:50:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/22 10:51:08 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2008/01/22 10:58:32 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2008/01/22 10:58:32 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2008/01/22 10:58:32 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2008/01/22 10:58:32 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2008/01/22 10:50:45 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2008/01/22 10:50:45 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2008/01/22 10:51:08 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2008/01/22 10:51:08 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/13 03:03:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 03:03:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 03:03:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/13 03:03:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/12/11 00:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Drivers\storage\R173412\IaStor.sys
[2007/12/11 00:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007/12/11 00:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007/12/11 00:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/18 23:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/18 23:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 01:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 23:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 01:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/10 22:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 22:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B174FAE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66E02052
< End of report >


OTL Extras logfile created on: 3/2/2010 7:09:23 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\LES WELCH\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 107.07 Gb Free Space | 37.83% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.68 Gb Free Space | 31.19% Space Free | Partition Type: NTFS
Drive E: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME_1
Current User Name: LES WELCH
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2737654320-1527788783-2857801905-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2737654320-1527788783-2857801905-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0407AAA7-0F9B-4D6F-9E49-40CD0871E71C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{149C8966-F2BD-4792-96BD-1295CFB59EAA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{2804CF4B-FD7C-4B64-B6D0-7C4C0D81FB0C}" = rport=137 | protocol=17 | dir=out | app=system |
"{2F4FE8E0-953D-46A3-88A7-D10FDCAB644E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{32791958-FA0D-49D1-8469-9CCC014D47A3}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{3F0D9E5B-A7A0-4114-B84D-1A87B7DA32FD}" = rport=445 | protocol=6 | dir=out | app=system |
"{58D41234-2565-42FB-BB3F-D015A353F63E}" = rport=139 | protocol=6 | dir=out | app=system |
"{6505D75E-CBB2-4178-81E0-18505B1B3F5F}" = lport=137 | protocol=17 | dir=in | app=system |
"{765541A0-BCD5-4A08-A51B-9182BE698BA0}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{798AE577-4A2A-476F-AF1E-4FB92E88A35D}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{7AFAC03A-CB57-4DCC-806A-DA8CCEF0A155}" = lport=138 | protocol=17 | dir=in | app=system |
"{82E93829-044B-46D9-95C6-831F455B7C86}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{903C1BD9-0081-43BE-9832-35FC878D9F08}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{969E23E6-4D0A-4680-A283-D7F8626E5126}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{996899D6-FBFE-4D0D-A9DE-B20216C23949}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9D6AFB24-B9AF-4179-BA46-28475270196B}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{9E1E9A45-0063-4BF2-9F52-9643B962CC98}" = lport=139 | protocol=6 | dir=in | app=system |
"{AC21B459-F6D2-4370-9D09-FA3029FCF483}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{BE5817BB-98E0-46E8-B130-641C2F9F955C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{C0815530-DD39-4C58-8790-B9B4EBE9F86C}" = lport=67 | protocol=17 | dir=in | name=dhcp discovery service |
"{D21E43F0-11E7-490F-A0AE-2BA0231F3FAC}" = lport=445 | protocol=6 | dir=in | app=system |
"{D27BE082-4566-4893-BCE7-2D7F7D6DFD8C}" = rport=138 | protocol=17 | dir=out | app=system |
"{D3388F03-83CF-4898-AF05-2A7D8DFA3BC9}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{D54EB764-7124-42FB-AD8A-127CFA0DF463}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E413A921-5ABF-4506-B01B-B31F4ED6B62E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0128849E-C2EF-4727-A1DC-0F4AD86839E6}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead\left4dead.exe |
"{09DC255D-F9B6-46C6-AEF4-E68CAC117B62}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{0DBBC645-6DFC-4E58-97CD-9AA7F680B5DF}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{0DED8F0B-99EB-426E-802A-D777D7666296}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{121F33EE-773B-4CC5-BC93-6FECE5B1043C}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{126F8AFC-10BF-4406-B60B-C9818B25B08C}" = protocol=17 | dir=in | app=c:\beyond the sword\civ4beyondsword.exe |
"{12FE9E2F-F331-4181-8466-BEC2795CFFE2}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{1A039093-037A-4D0A-B589-AE7E15C6B691}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1AF3A0BB-9CFD-472D-BC47-A178CB114B19}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\light of altair demo\altair.exe |
"{1F3E3EDF-0250-410B-AFD9-B65112E914C1}" = protocol=6 | dir=in | app=c:\civilization4.exe |
"{20465796-1CDE-4347-ABB5-227589E0D0DF}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\oddworld abes oddysee\abewin.exe |
"{20CFE185-6E4D-45D8-B914-6946AB982525}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{23F10DE2-0AF7-4028-BA7D-07AEB2DE260F}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\overlord\overlord.exe |
"{271F8780-753F-4212-BDDB-E727F85AB0BE}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{2A3A0BF5-9B49-4E83-B3F8-DD307A3A9A92}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\overlord\config.exe |
"{2D843676-FC0A-4544-A5C7-B6F0F6A9DC3E}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{302A3996-E26C-40B5-9E8B-B0C9D03B4D39}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe |
"{30FDD95D-AE92-407D-8D13-24A1EDAE0686}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\beyond good and evil\checkapplication.exe |
"{362CD212-7348-42E4-8130-D966D5F50867}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{37265651-F350-4C55-B345-510E866D4FD1}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{37AF761B-F00F-4933-9D00-1A3760A49068}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{3AEEE4B7-C0E0-4950-A10A-6F03E53672E5}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{3B403C27-1BED-4976-B8F6-8687E90275E1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3B7CB925-5D59-4E95-9671-A6D8B3713453}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{3C0B59F4-15E1-4EA2-88DD-BEEDA5E92E71}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\oddworld abes exoddus\exoddus.exe |
"{412A2C8D-9099-48AB-836F-ED352684ABEC}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{418AFB75-25A5-4C33-B46A-E1E6D72A0C46}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\peggle deluxe\peggle.exe |
"{42847470-5083-443A-9E0B-0AD807A2EC90}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{44CFDDB6-13C9-499D-91D9-8B77CC8C3F00}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\painkiller gold edition\bin\editor\paineditor.exe |
"{47560F9D-2202-466C-B770-CE1A5098B220}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
"{4A40B4D2-C4FD-4EDB-8B0C-3B598894A7D8}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\mass effect\binaries\masseffect.exe |
"{4C835E0A-DA6D-4A50-8735-B0800462F8EA}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\beyond good and evil\checkapplication.exe |
"{4D47B80F-20BF-41DB-95B5-EEA9A13F8AED}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{507698DC-23EA-4568-B371-6103F9E505C8}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\king's bounty - the legend\kb.exe |
"{50F5E4CF-62DA-4106-99F4-AF0C31E8D19F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{512C4704-E89E-4E03-8457-5789C529E2AE}" = protocol=6 | dir=in | app=c:\program files\diablo ii\diablo ii.exe |
"{54357A4E-A2BA-4862-A640-05843EC1A136}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\farcry\bin32\farcry.exe |
"{56BD2E51-48D2-44F0-BEA3-9DCEC1389F45}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\vampire the masquerade - bloodlines\vampire.exe |
"{57B0EAC3-60A4-4BAF-B627-56B735DF2024}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\torchlight\torched\editor.exe |
"{59EE39D2-5E8F-4955-BE1F-D416A0B30EDB}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{5A044A5A-91A0-4B51-8AFB-ACD99A8C85C9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{5C0A80B5-E5B3-436D-8DDB-737C4AD07710}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\king's bounty - the legend\kb.exe |
"{5D8AFB06-4B13-4CE3-B5C1-BA82F5BEE30D}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{5F9AC4D9-C7B9-434A-B924-57569B4E9815}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{5FB50E83-8541-41D9-AFAD-E64FE6A1105B}" = protocol=6 | dir=in | app=c:\beyond the sword\civ4beyondsword_pitboss.exe |
"{5FF9AFF0-289F-4F31-B7C7-BF6F0EB33DBB}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword_pitboss.exe |
"{605823B3-0937-4672-A42A-46A7D87977E4}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{60736939-C64D-4DE1-8D23-A4D0BF7BF56D}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe |
"{60975A8D-406A-4C53-BBE6-36FA44B51EAA}" = protocol=17 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\ttax.exe |
"{6273645E-74C4-440C-8413-F016C736B150}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{63852CDD-282C-4C60-A44D-AF8E4A0306CB}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\oddworld abes exoddus\exoddus.exe |
"{659D9F14-8740-4F51-A092-BF3F52D11AF3}" = protocol=6 | dir=in | app=c:\program files\turbotax\deluxe 2007\32bit\updatemgr.exe |
"{6765DEE2-022B-45B6-BB32-AEF839B0506B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6B3ACC4D-9D10-4D5D-83B3-0DF96C5AD1BA}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\world of goo\worldofgoo.exe |
"{6BB14CD9-C5DC-45D6-8BE3-C5C3FD059A51}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steam.exe |
"{6E3055AC-ABEF-4DBE-AEB5-C6B90076BD7F}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{71FAEDA1-33E8-4C55-843D-C8308F17FA36}" = protocol=6 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{738CE4CA-3F72-4216-9828-D68BF77FD5F8}" = protocol=17 | dir=in | app=c:\program files\firaxis games\sid meier's civilization 4\beyond the sword\civ4beyondsword.exe |
"{75E94500-6407-40A5-A0B3-B4EA1B2FC90F}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\torchlight\torchlight.exe |
"{7A309CA4-5B74-4396-91C3-F9A1ED996CDE}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\light of altair demo\altair.exe |
"{8192EF23-7A03-461C-A6F1-FFF017F4B518}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |
"{8310B9AB-CCA5-4281-B90F-F57918C0FC7D}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\peggle deluxe\peggle.exe |
"{85113AC8-5401-41BD-A089-3FAC49BFB913}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{8CB04D82-EFE8-45A8-90AA-01A92E7BF68A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8D5A0F91-3C9D-41B7-ABF5-A104F1E80AEC}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{90400FA5-29DB-4B44-A325-CC417A726921}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\farcry\bin32\farcry.exe |
"{90FC9991-C22B-4F0B-ADCF-30663600D925}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\swkotor\swkotor.exe |
"{97D7471D-475F-4EED-B9D8-7095D4E5AD46}" = protocol=17 | dir=in | app=c:\civilization4.exe |
"{9EFF7161-1269-4338-AF1F-90F0C5216A8D}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\dragon age orgins character creator\daoriginslauncher.exe |
"{A23064F6-9CAF-4379-8C59-3DFE393A6042}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A2CA5733-38AD-42D9-A6E6-3AD55527B218}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{A300AA67-9209-4563-ACE8-CC7D984A2154}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{A35BE13C-BE0F-4E98-96B8-49AE3DD92EC7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A550AB26-3DA0-45B8-83B3-4D133EB6442D}" = protocol=6 | dir=in | app=c:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{A77F4953-1B27-4915-BD77-E31015E0518A}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\torchlight\torched\editor.exe |
"{AE4BBDC9-11DB-45A2-9D23-FF4DA6783D58}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead\left4dead.exe |
"{AEBFA6EF-1E55-4951-B5DD-0A4809C940E0}" = protocol=17 | dir=in | app=c:\program files\eidos\batman arkham asylum\binaries\shippingpc-bmgame.exe |
"{AFE736B7-5BA3-43F6-ABA1-121B5E6ACA0A}" = protocol=17 | dir=in | app=c:\program files\diablo ii\diablo ii.exe |
"{B11C64DE-902B-4998-BEF4-FD7DBFFF2A54}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead\left4dead.exe |
"{B11F7617-A80E-413E-BB2F-4468EFBC3ED5}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\overlord\overlord.exe |
"{B1F354EB-FBBC-4D62-90A6-019A64309D73}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\torchlight\torchlight.exe |
"{B5CC2B10-653D-4FD9-9F41-40EF9018938E}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{B643A672-DCB8-450A-9714-9F8B0285CC3E}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{B66A3E9E-DAA4-4BFF-B387-3774439C1716}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\torchlight\torched\editor.exe |
"{B69CEA74-4E82-45D4-B91B-9B13FFD55201}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{B733FF97-4BDF-4ADF-8B49-BC485F154A60}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{B82365F6-1E2D-4CB7-9043-D8147E4A9901}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\dragon age orgins character creator\daoriginslauncher.exe |
"{BB0C970D-AB04-44E9-AF40-C66115BEA40B}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{BB227067-73A8-4A88-B327-0520E35880CA}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{BB227604-2337-44AD-8A12-1E5601AFE324}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BB728431-2D99-4918-8E67-11052D44A679}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\torchlight\torchlight.exe |
"{BC0814BC-9620-4414-8BF0-7905219FFD1D}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.9.9551-to-3.1.0.9767-enus-downloader.exe |
"{C05CB400-8567-4BCD-BD94-E1AE9DEB890D}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\king's bounty - the legend\save_fixer.exe |
"{C2865306-CEF8-41B3-9C33-68DA1A1024B7}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{C320FED7-C79A-435E-8A59-CF1F8E26DDB2}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\swkotor\swkotor.exe |
"{C398DC27-8384-45FA-A85F-6B31EF25FFFD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C9588810-F76F-48D2-A096-8E0035A0C996}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\king's bounty - the legend\save_fixer.exe |
"{D20372F1-57CE-4111-9D1B-9569847763E6}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\torchlight\torched\editor.exe |
"{D3324E12-0F8F-4768-9D14-58A81FAEA038}" = protocol=17 | dir=in | app=c:\beyond the sword\civ4beyondsword_pitboss.exe |
"{D6D870FC-B55D-4979-8D3D-917ACE517482}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steam.exe |
"{D7E8AAFB-B178-460B-AC8A-7C4232263F9B}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\the secret of monkey island special edition\mise.exe |
"{D88DCD25-AB3F-43FB-B573-EB9458DB3767}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DA4F4134-1D2B-436A-B2CA-F7CA7745FD13}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{DE787898-3937-4CAB-AB88-5B82CDC11041}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\penumbra overture\redist\penumbra.exe |
"{DFE44DED-55AA-46FC-80C9-6A525545F48C}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\painkiller gold edition\bin\editor\paineditor.exe |
"{E1C4EEDA-54BD-4453-9D33-C3048BE95903}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E28BE9D3-29AE-4E76-9A5E-FD10A452488F}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{E2E536AC-8D44-4F22-B3C1-2DC7315B6C20}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E73E2A19-3739-4710-9A01-13147461D539}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\oddworld abes oddysee\abewin.exe |
"{E870243D-5423-48F9-B2FB-8FF05C9B696B}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead 2\left4dead2.exe |
"{E9AEF732-32A8-4D48-8C16-9F0A6A10774D}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\ai war fleet command\aiwar.exe |
"{EB37F63F-EBE9-4C32-A4F0-CAAF426A838B}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\plants vs zombies\plantsvszombies.exe |
"{EF43BC24-3FCC-4D59-ACE0-C41086B78928}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{EFAA7C0D-3B28-4682-BCD1-6A928E69B48D}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\overlord\config.exe |
"{EFE22827-7315-41BD-B80F-3EFCDC4B7117}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead\left4dead.exe |
"{F02D3385-3FA8-42BD-99FB-909286EA0BD5}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\penumbra black plague\redist\penumbra.exe |
"{F109CC11-56C4-498A-B645-985089DD22B9}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\world of goo\worldofgoo.exe |
"{F2BDFF01-9370-4335-BD75-54A4D4CDF515}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\ai war fleet command\aiwar.exe |
"{F5FADEB1-07A5-44A5-ABBC-31C5BC291A97}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\penumbra overture\redist\penumbra.exe |
"{FEE20152-DC10-4EFD-B7F4-07F1A153D2CE}" = protocol=6 | dir=in | app=c:\beyond the sword\civ4beyondsword.exe |
"{FF5B3472-60C3-4A9A-BCD5-7FA81EE879A8}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\torchlight\torchlight.exe |
"{FF7020CF-8C53-4051-818F-F6900DCDF08B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"TCP Query User{00C43567-9C76-488A-BB02-48F04A26724A}C:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=c:\program files\diablo ii\game.exe |
"TCP Query User{022571F2-F864-4011-921B-1665A76B514B}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{105B561E-39FA-4497-8A36-799E3C7193AA}C:\users\les welch\appdata\local\temp\blizzard launcher temporary - 13f81f68\launcher.exe" = protocol=6 | dir=in | app=c:\users\les welch\appdata\local\temp\blizzard launcher temporary - 13f81f68\launcher.exe |
"TCP Query User{343C196D-411F-4D56-879D-F4DFC426E5BC}C:\program files\valve\steam\steamapps\al1031\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\al1031\team fortress 2\hl2.exe |
"TCP Query User{407D457C-7372-4CF8-8CD0-B7B89C5D8608}C:\program files\valve\steam\steamapps\al1031\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\al1031\counter-strike source\hl2.exe |
"TCP Query User{446D0593-AAF4-423D-A76E-D96746F0A8EF}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{50656B2F-F766-4465-B649-9543E73F2369}C:\program files\ea games\ultima online 2d client\client.exe" = protocol=6 | dir=in | app=c:\program files\ea games\ultima online 2d client\client.exe |
"TCP Query User{5A1C21B5-548D-4461-992E-54B1A6C66F81}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{5C45D245-30AE-48CF-841D-EF3EB6EF6154}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{5C915AA5-D5C4-45A1-B6BD-A192D6744166}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"TCP Query User{5F66A140-0E36-4D08-AC56-B84926FD77FF}C:\program files\valve\steam\steamapps\al1031\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\al1031\half-life\hl.exe |
"TCP Query User{69EAB924-BA90-4F30-BF22-786640440BAF}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{722F2D3C-D8EE-4990-B92F-0A0DAE827335}C:\program files\valve\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"TCP Query User{88719AEA-5AC1-40D8-8E8C-8A40AF779DEB}C:\program files\valve\steam\steamapps\al1031\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\al1031\team fortress 2\hl2.exe |
"TCP Query User{8CFF5A27-9F95-462D-8EC6-9397C9829D22}C:\program files\valve\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\common\eve online\bin\exefile.exe |
"TCP Query User{8E644B0C-53C2-4F5B-9DAF-190CDEF9BF3D}C:\program files\valve\steam\steamapps\al1031\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\al1031\counter-strike source\hl2.exe |
"TCP Query User{980C7F78-69B8-4F75-AA1C-6B8018135C2B}C:\program files\ea games\ultima online 2d client\client.exe" = protocol=6 | dir=in | app=c:\program files\ea games\ultima online 2d client\client.exe |
"TCP Query User{ADA1A225-7B76-4998-8497-E30A0F022562}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{ADEA24BC-4034-4AD6-BBF6-CE7D3E24886B}C:\program files\valve\steam\steamapps\al1031\half-life\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\al1031\half-life\hl.exe |
"TCP Query User{C16B50EB-B920-46C0-9528-F2260CEFB435}C:\program files\valve\steam\steamapps\noobsaibot43\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\noobsaibot43\team fortress 2\hl2.exe |
"TCP Query User{DA73056F-6061-4FE4-A2EB-DA147A5011E8}C:\program files\ultima online\client.exe" = protocol=6 | dir=in | app=c:\program files\ultima online\client.exe |
"TCP Query User{E761A2D6-B959-44CD-B3C7-1D8829AAAA36}C:\program files\valve\steam\steamapps\vamzbie\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\vamzbie\team fortress 2\hl2.exe |
"TCP Query User{EAEA72A1-8F0D-423B-A7AE-B6905CB6C266}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{EBC51C10-11C9-4B14-84FF-0A3179309D34}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{EE24C3CD-A135-4A70-98FE-24840BF4F516}C:\program files\pfportchecker\pfportchecker.exe" = protocol=6 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"TCP Query User{F5EAE800-1C88-4FC1-9BD6-B3C19BE6040D}C:\program files\ea games\ultima online mondain's legacy\client.exe" = protocol=6 | dir=in | app=c:\program files\ea games\ultima online mondain's legacy\client.exe |
"TCP Query User{FCDC01E3-B877-4AEE-815C-BE8C19D95E03}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{0F6A574D-BDD5-46D7-9681-35B3A4EB2C66}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{2D3C1D53-0C2B-4E69-B21A-C773B3A53C55}C:\program files\valve\steam\steamapps\al1031\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\al1031\team fortress 2\hl2.exe |
"UDP Query User{3DDF0FE5-E863-4244-9E2A-C8810781144F}C:\program files\valve\steam\steamapps\al1031\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\al1031\half-life\hl.exe |
"UDP Query User{3F122A79-D9F1-47F0-B6BC-8C544DC1649D}C:\program files\turbine\the lord of the rings online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\turbine\the lord of the rings online\lotroclient.exe |
"UDP Query User{41103715-2D0E-48B8-A648-7A266752D414}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{41CFF499-B13F-46AD-B97F-FDE2ECC8A2A4}C:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=c:\program files\diablo ii\game.exe |
"UDP Query User{4FA33A37-273E-4700-A156-0A5B8A589DFB}C:\program files\valve\steam\steamapps\noobsaibot43\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\noobsaibot43\team fortress 2\hl2.exe |
"UDP Query User{51DA5C77-2E61-4A2E-8D58-3E31DB0AFC3E}C:\program files\valve\steam\steamapps\al1031\half-life\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\al1031\half-life\hl.exe |
"UDP Query User{6A2194B3-B7F1-4198-8CC5-4D35C1AEFD3E}C:\program files\ea games\ultima online mondain's legacy\client.exe" = protocol=17 | dir=in | app=c:\program files\ea games\ultima online mondain's legacy\client.exe |
"UDP Query User{6EA8FC6D-F49D-4EBD-BEA6-35FB4184C710}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{70690E7A-9FDA-4FBA-B3B7-CA49D13B2239}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{721C58C1-75EE-42AE-9764-FD907790C964}C:\program files\ea games\ultima online 2d client\client.exe" = protocol=17 | dir=in | app=c:\program files\ea games\ultima online 2d client\client.exe |
"UDP Query User{749E05AF-71B2-42D9-840F-B8D47C7444BA}C:\program files\valve\steam\steamapps\al1031\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\al1031\counter-strike source\hl2.exe |
"UDP Query User{86E5598C-0291-447E-8439-20B6E1ACA0BB}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{87E5BF19-85CC-4DC8-AD2A-73A5C620D416}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{8BBFEB70-76EE-407A-A034-356BEEF9202D}C:\program files\ea games\ultima online 2d client\client.exe" = protocol=17 | dir=in | app=c:\program files\ea games\ultima online 2d client\client.exe |
"UDP Query User{925FC20A-34EB-42B5-ADF3-36986555C690}C:\program files\pfportchecker\pfportchecker.exe" = protocol=17 | dir=in | app=c:\program files\pfportchecker\pfportchecker.exe |
"UDP Query User{92E0D43E-FCF1-43E7-AB0A-F13785861531}C:\program files\valve\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"UDP Query User{9977AC84-8A72-40E5-9A1A-E1DFBBDEE2AB}C:\program files\valve\steam\steamapps\common\eve online\bin\exefile.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\common\eve online\bin\exefile.exe |
"UDP Query User{AD677494-CDB3-460E-BF76-783813F843CD}C:\users\les welch\appdata\local\temp\blizzard launcher temporary - 13f81f68\launcher.exe" = protocol=17 | dir=in | app=c:\users\les welch\appdata\local\temp\blizzard launcher temporary - 13f81f68\launcher.exe |
"UDP Query User{B8C3D494-312F-4E49-BBE0-FE80886F27AA}C:\program files\valve\steam\steamapps\vamzbie\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\vamzbie\team fortress 2\hl2.exe |
"UDP Query User{BF9FED6F-1436-4E84-AED0-79F63A10DD4C}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{CC34C73E-6725-42A3-96BB-253888166AF7}C:\program files\valve\steam\steamapps\al1031\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\al1031\team fortress 2\hl2.exe |
"UDP Query User{CE4A80B2-90E6-4314-928B-FD47A498BB31}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{D99E1A03-0634-45B6-BB2F-B3CE3242B05B}C:\program files\valve\steam\steamapps\al1031\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\al1031\counter-strike source\hl2.exe |
"UDP Query User{E23F88CD-0AFE-4683-A5BA-0166F291F51B}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{E50A0350-14F1-46DD-B84B-6EBE2B78AB50}C:\program files\ultima online\client.exe" = protocol=17 | dir=in | app=c:\program files\ultima online\client.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam™
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio EasyArchive
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{186A63A2-4256-43C6-8061-95EF77A5CDB6}" = Sid Meier's Civilization 4
"{19D2B63E-C1F1-4803-BA8B-4AB8FE216952}" = EPSON PRINT Image Framer Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E79A60F-15D2-4BEC-91AD-E41EC42E61B0}" = Batman: Arkham Asylum
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{53C6D09E-EAB6-49E5-BA4C-BA7FF13830FB}" = Sound Blaster Audigy ADVANCED MB
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5863B6EF-76D0-4FF8-AA2F-EEBE7CC49DAA}" = ArcSoft PhotoImpression 5
"{5B30AA25-BF39-4BE4-8FEE-51938BAB214D}" = TurboTax 2008 wcaiper
"{5BA1D11C-B981-4CAA-B2B5-B8ADF413EBA5}" = Pure Networks Platform
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6BBBF237-A114-48E6-BBD0-A52BEF9CCFB2}" = Cisco Network Magic
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.4
"{77D2A9D3-5800-43E3-B274-87841BC87DB2}" = Adobe ExtendScript Toolkit 2
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{84D58782-A2F0-47D4-A557-3041363893CF}" = Adobe Setup
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8AE03988-8C8C-40EE-BDC7-76781BEF1B1D}" = Adobe Setup
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAC90D5F-B8B1-4A06-B888-F3A241124D0D}" = Roxio MyDVD Premier
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B42F73D4-AFDA-4761-B3F4-23A872D11339}" = Morrowind
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C4FFCD8D-3A06-E243-2747-2CE771A8B7D4}" = EA Download Manager UI
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Premier
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5395E5F-4D45-4665-8F00-234FA33678AF}" = SlimDX Redistributable (March 2009)
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{EA8C73AA-3D75-44C9-87A2-8E945FC5FEE6}" = Trend Micro PC-cillin Internet Security 14
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FE34691C-4298-4667-9758-D7F534DD0B94}" = Dell Automated PC TuneUp
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2008
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_19c4ee81f9cc4b3dffb9a17d9b648b2" = Adobe Soundbooth CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"AIM_6" = AIM 6
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"comtypes-py2.5" = Python 2.5 comtypes-0.5.2
"Diablo II" = Diablo II
"EA Download Manager" = EA Download Manager
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.9.15
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Intel® Configuration Center" = Intel® Viiv™ Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"Parallel Port Joystick" = Parallel Port Joystick
"PartyPoker" = PartyPoker
"PIL-py2.5" = Python 2.5 PIL-1.1.6
"PokerStars" = PokerStars
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PROSetDX" = Intel® PRO Network Connections 12.1.12.4
"psyco-py2.5" = Python 2.5 psyco-1.6
"pywin32-py2.5" = Python 2.5 pywin32-212
"Runic Games TorchED" = TorchED
"S.T.A.L.K.E.R. - Shadow of Chernobyl_is1" = S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005]
"Steam App 12900" = Audiosurf
"Steam App 15130" = Beyond Good and Evil
"Steam App 17460" = Mass Effect
"Steam App 215" = Source SDK Base
"Steam App 22000" = World of Goo
"Steam App 25900" = King's Bounty - The Legend
"Steam App 32360" = The Secret of Monkey Island: Special Edition
"Steam App 32370" = Star Wars: Knights of The Old Republic
"Steam App 34510" = Light of Altair Demo
"Steam App 3482" = Peggle Deluxe Demo
"Steam App 3590" = Plants Vs Zombies
"Steam App 400" = Portal
"Steam App 40410" = AI War: Fleet Command - Demo
"Steam App 41510" = Torchlight - Demo
"Steam App 41520" = Torchlight Editor
"Steam App 440" = Team Fortress 2
"Steam App 564" = Left 4 Dead 2 Add-on Support
"TmPcc" = Trend Micro PC-cillin Internet Security 14
"TS3 Install Helper Monkey" = TS3 Install Helper Monkey
"TurboTax 2008" = TurboTax 2008
"UltimaOnline" = Ultima Online: Renaissance
"Unofficial Oblivion Patch_is1" = Unofficial Oblivion Patch v3.2.0
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinRAR archiver" = WinRAR archiver
"wxPython2.8-ansi-py25_is1" = wxPython 2.8.7.1 (ansi) for Python 2.5

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Edited by Ardente, 02 March 2010 - 11:51 PM.


#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:04:32 AM

Posted 03 March 2010 - 08:50 AM

Ok, don't worry about running Gmer. We'll work around it.

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    @Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:0B174FAE
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:66E02052
    [2010/02/20 13:57:18 | 000,000,000 | ---- | C] () -- C:\Windows\System32\18467.exe

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


===================


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
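The fix above targets two kinds of item: named alternate data streams (ADS) hanging off C:\ProgramData\TEMP, and a zero-byte executable with a numeric name dropped into C:\Windows\System32 within the scan's 14-day file-age window. A defender can enumerate both directly rather than relying on a single tool's listing. The PowerShell below is an added example for this thread, not part of OTL or of the helper's instructions; it assumes PowerShell 3.0 or later (for `Get-Item -Stream`) and uses the paths named in the fix script as its defaults.

```powershell
# Added example (not from the thread or from OTL): enumerate named alternate data
# streams under a path, and list recently created executables in System32 with
# their Authenticode status. Assumes PowerShell 3.0+ for Get-Item -Stream.

function Get-NamedAlternateDataStreams {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [switch] $Recurse
    )
    # Include the root item itself: in the fix above the ADS sat on C:\ProgramData\TEMP,
    # and directories can carry named streams just like files.
    $items = @(Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue) +
             @(Get-ChildItem -LiteralPath $Path -Force -Recurse:$Recurse -ErrorAction SilentlyContinue)

    foreach ($item in $items) {
        # Every regular file has the unnamed ':$DATA' stream; anything else is a named ADS.
        Get-Item -LiteralPath $item.FullName -Stream * -ErrorAction SilentlyContinue |
            Where-Object { $_.Stream -ne ':$DATA' } |
            ForEach-Object {
                [pscustomobject]@{
                    File   = $_.FileName
                    Stream = $_.Stream
                    Bytes  = $_.Length
                }
            }
    }
}

function Get-RecentSystem32Executables {
    param(
        [int]    $Days = 14,                         # matches "File Age = 14 Days" in the OTL log
        [string] $Path = "$env:SystemRoot\System32"
    )
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -LiteralPath $Path -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $cutoff } |
        ForEach-Object {
            # Unsigned or zero-byte binaries created recently in System32 deserve a closer look;
            # the 18467.exe removed above was 0 bytes and had no company name in the scan.
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            [pscustomobject]@{
                File      = $_.FullName
                Created   = $_.CreationTime
                Bytes     = $_.Length
                Signature = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        } |
        Sort-Object Created -Descending
}

# Usage: check the two locations the fix script touched.
Get-NamedAlternateDataStreams -Path "$env:ProgramData" | Format-Table -AutoSize
Get-RecentSystem32Executables -Days 14 | Format-Table -AutoSize
```

Run it from an elevated prompt so that `-Force` can see hidden items and System32 is fully readable. An empty first table after the fix is the expected result; any named stream that reappears, or any new unsigned executable in System32, is worth posting alongside the next OTL log.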


========================================================

#5 Ardente

Ardente
  • Topic Starter

  • Members
  • 10 posts
  • Local time:04:32 AM

Posted 03 March 2010 - 06:48 PM

Hey Sam, ran the fixes and made the OTL log, will post up the ESET log when it is done scanning.

All processes killed
========== OTL ==========
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
ADS C:\ProgramData\TEMP:0B174FAE deleted successfully.
ADS C:\ProgramData\TEMP:66E02052 deleted successfully.
C:\Windows\System32\18467.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: IUSR_NMPR
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LES WELCH
->Temp folder emptied: 404191628 bytes
->Temporary Internet Files folder emptied: 71862384 bytes
->Java cache emptied: 5290479 bytes
->FireFox cache emptied: 68689820 bytes
->Apple Safari cache emptied: 1554720 bytes
->Flash cache emptied: 56140 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 712704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 703681937 bytes
RecycleBin emptied: 1262877715 bytes

Total Files Cleaned = 2,402.00 mb


OTL by OldTimer - Version 3.1.32.0 log created on 03032010_150045

Files\Folders moved on Reboot...
C:\Windows\temp\WebEx\Log\32\atashost.log moved successfully.

Registry entries deleted on Reboot...



OTL logfile created on: 3/3/2010 3:14:25 PM - Run 2
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Users\LES WELCH\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283.04 Gb Total Space | 104.16 Gb Free Space | 36.80% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.68 Gb Free Space | 31.19% Space Free | Partition Type: NTFS
Drive E: | 5.37 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive F: | 6.10 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME_1
Current User Name: LES WELCH
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/02 18:57:54 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\LES WELCH\Desktop\OTL.exe
PRC - [2010/01/15 19:09:37 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/07 16:37:30 | 000,467,240 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2008/10/31 11:22:38 | 000,050,480 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
PRC - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/05/19 15:17:14 | 001,475,936 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe
PRC - [2008/01/22 03:47:26 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/01/22 03:19:44 | 000,072,704 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2008/01/18 23:33:40 | 000,142,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2007/11/09 02:19:18 | 000,345,696 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe
PRC - [2007/10/11 07:49:50 | 000,465,136 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe
PRC - [2007/10/08 13:50:56 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
PRC - [2007/09/12 00:40:46 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
PRC - [2007/09/12 00:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/09/10 22:45:04 | 000,124,832 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
PRC - [2007/08/23 13:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2007/06/27 08:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
PRC - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/27 07:14:52 | 000,180,224 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
PRC - [2006/11/21 13:02:24 | 001,807,960 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe
PRC - [2006/11/09 15:04:02 | 000,566,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe
PRC - [2006/11/09 15:03:42 | 000,923,216 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe
PRC - [2006/11/03 16:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe


========== Modules (SafeList) ==========

MOD - [2010/03/02 18:57:54 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\LES WELCH\Desktop\OTL.exe
MOD - [2009/04/10 22:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/10 13:30:32 | 000,321,320 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/04/07 15:34:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2008/12/12 10:25:32 | 000,029,744 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103)
SRV - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/05/19 15:17:14 | 001,475,936 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\PcCtlCom.exe -- (PcCtlCom)
SRV - [2008/01/22 03:50:30 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/22 03:19:44 | 000,072,704 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/09 02:19:18 | 000,345,696 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\Tmntsrv.exe -- (Tmntsrv)
SRV - [2007/10/11 07:49:46 | 000,076,016 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellAutomatedPCTuneUp\brkrsvc.exe -- (DellAMBrokerService)
SRV - [2007/09/12 00:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/10 22:45:04 | 000,124,832 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2007/07/11 07:33:28 | 000,069,632 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/06/27 08:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2007/06/27 08:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe -- (QualityManager) Intel®
SRV - [2007/06/27 08:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2007/06/27 08:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2007/06/27 08:15:40 | 000,036,056 | R--- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe -- (IntelDHSvcConf)
SRV - [2007/06/27 08:15:28 | 000,039,640 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel®
SRV - [2007/06/27 08:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2007/06/27 08:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel®
SRV - [2007/06/27 08:13:56 | 000,268,504 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2007/05/31 07:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 07:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/12 09:46:34 | 000,208,896 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2007/01/04 13:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/09 15:04:02 | 000,566,872 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\tmproxy.exe -- (tmproxy)
SRV - [2006/11/09 15:03:42 | 000,923,216 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Internet Security 14\TmPfw.exe -- (TmPfw)
SRV - [2006/11/02 04:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=0080122
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy-server.san.rr.com:8080

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080122"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50
FF - prefs.js..network.proxy.ftp: "proxy-server.san.rr.com"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy-server.san.rr.com"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy-server.san.rr.com"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "proxy-server.san.rr.com"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "proxy-server.san.rr.com"
FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/26 01:34:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/26 03:47:54 | 000,000,000 | ---D | M]

[2010/02/26 01:34:36 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Mozilla\Extensions
[2010/03/03 02:43:21 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Mozilla\Firefox\Profiles\1wm3t0bd.default\extensions
[2010/02/26 01:39:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LES WELCH\AppData\Roaming\Mozilla\Firefox\Profiles\1wm3t0bd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/03 02:43:21 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\LES WELCH\AppData\Roaming\Mozilla\Firefox\Profiles\1wm3t0bd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/02/26 01:34:12 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2006/09/18 13:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\Intel Media Server\tools\IntelDHFMSetLoginStatus.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NoteBurner] C:\Program Files\NoteBurner\VTBurnerGUI.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [pccguide.exe] C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TuneClone] C:\Program Files\TuneClone\TuneClone.exe File not found
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
O4 - HKCU..\Run: [DellAutomatedPCTuneUp] C:\Program Files\DellAutomatedPCTuneUp\PTAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [Start WingMan Profiler] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\LES WELCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: callutheran.edu ([apple] https in Trusted sites)
O15 - HKCU\..Trusted Domains: callutheran.edu ([bblearn] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\LES WELCH\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\LES WELCH\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/10/16 02:51:33 | 000,054,544 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2009/09/21 11:58:35 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2009/09/14 22:52:49 | 000,000,050 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{5e5f4630-c8d9-11dc-af3a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5e5f4630-c8d9-11dc-af3a-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Launcher.exe -- [2009/09/22 14:02:07 | 001,668,472 | R--- | M] (Gearbox Software)
O33 - MountPoints2\{c9598074-852f-11dd-b6ac-001d09282113}\Shell - "" = AutoRun
O33 - MountPoints2\{c9598074-852f-11dd-b6ac-001d09282113}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe -- File not found
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/10/05 01:07:19 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
OTL cannot create restorepoints on Vista OSs!

========== Files/Folders - Created Within 14 Days ==========

[2010/03/03 15:00:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/02 18:57:56 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Users\LES WELCH\Desktop\OTL.exe
[2010/02/27 05:39:32 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\LES WELCH\Desktop\LES WELCH.exe
[2010/02/27 05:39:31 | 000,000,000 | ---D | C] -- C:\rsit
[2010/02/26 04:02:32 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/02/26 01:34:17 | 000,000,000 | ---D | C] -- C:\Users\LES WELCH\AppData\Local\Mozilla
[2010/02/26 01:34:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/02/26 01:30:53 | 008,327,264 | ---- | C] (Mozilla) -- C:\Users\LES WELCH\Desktop\Firefox Setup 3.6.exe
[2010/02/26 00:07:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\LES WELCH\Desktop\iexplore.exe
[2010/02/26 00:04:47 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\LES WELCH\Desktop\HijackThis.exe

========== Files - Modified Within 14 Days ==========

[2010/03/03 15:18:00 | 058,720,256 | -HS- | M] () -- C:\Users\LES WELCH\ntuser.dat
[2010/03/03 15:16:45 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/03 15:16:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/03/03 15:04:10 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/03/03 15:04:10 | 000,032,251 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/03/03 15:04:04 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/03/03 15:04:04 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/03/03 15:03:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/03/03 15:02:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/03/03 15:02:45 | 000,524,288 | -HS- | M] () -- C:\Users\LES WELCH\ntuser.dat{2fb7a516-933c-11dd-a92e-001d09282113}.TMContainer00000000000000000001.regtrans-ms
[2010/03/03 15:02:45 | 000,065,536 | -HS- | M] () -- C:\Users\LES WELCH\ntuser.dat{2fb7a516-933c-11dd-a92e-001d09282113}.TM.blf
[2010/03/03 14:59:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/02 20:43:48 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/02 20:36:21 | 003,103,924 | -H-- | M] () -- C:\Users\LES WELCH\AppData\Local\IconCache.db
[2010/03/02 20:08:22 | 283,033,718 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/03/02 19:19:47 | 000,293,376 | ---- | M] () -- C:\Users\LES WELCH\Desktop\d5tb1bmx.exe
[2010/03/02 18:57:54 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Users\LES WELCH\Desktop\OTL.exe
[2010/03/01 19:04:30 | 004,194,872 | ---- | M] () -- C:\Users\LES WELCH\Desktop\awesome.zip
[2010/03/01 05:26:54 | 000,703,448 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/03/01 05:26:54 | 000,603,774 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/03/01 05:26:54 | 000,104,834 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/03/01 03:16:06 | 000,284,915 | ---- | M] () -- C:\Users\LES WELCH\Desktop\gmer.zip
[2010/03/01 03:13:11 | 000,524,288 | ---- | M] () -- C:\Users\LES WELCH\Desktop\dds.scr
[2010/02/28 16:53:51 | 000,021,139 | ---- | M] () -- C:\Users\LES WELCH\Desktop\Homework 2.xlsx
[2010/02/28 15:59:46 | 000,431,596 | ---- | M] () -- C:\Users\LES WELCH\Desktop\cost-acc8(2).pdf
[2010/02/28 15:58:53 | 000,431,596 | ---- | M] () -- C:\Users\LES WELCH\Desktop\cost-acc8.pdf
[2010/02/27 05:39:06 | 000,781,909 | ---- | M] () -- C:\Users\LES WELCH\Desktop\RSIT.exe
[2010/02/26 04:02:31 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010/02/26 03:34:53 | 000,192,700 | ---- | M] () -- C:\Users\LES WELCH\Desktop\Remove Fake Antivirus.exe
[2010/02/26 01:37:16 | 000,465,693 | ---- | M] () -- C:\Users\LES WELCH\Desktop\noscript-1.9.9.47.xpi
[2010/02/26 01:34:19 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/02/26 01:34:14 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/26 01:30:58 | 008,327,264 | ---- | M] (Mozilla) -- C:\Users\LES WELCH\Desktop\Firefox Setup 3.6.exe
[2010/02/26 00:07:15 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\LES WELCH\Desktop\iexplore.exe
[2010/02/26 00:04:47 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\LES WELCH\Desktop\LES WELCH.exe
[2010/02/26 00:04:47 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\LES WELCH\Desktop\HijackThis.exe
[2010/02/25 18:40:41 | 000,368,340 | ---- | M] () -- C:\Users\LES WELCH\Desktop\oskaronedesigns_Balmainss09sandals.rar
[2010/02/23 19:04:14 | 000,078,984 | ---- | M] () -- C:\Users\LES WELCH\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/23 19:02:10 | 000,323,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/02/22 14:24:09 | 000,017,901 | ---- | M] () -- C:\Users\LES WELCH\Documents\SC_Word_2a_MichelleWelch_2.docx
[2010/02/20 15:50:30 | 000,001,356 | ---- | M] () -- C:\Users\LES WELCH\AppData\Local\d3d9caps.dat

========== Files Created - No Company Name ==========

[2010/03/02 19:19:46 | 000,293,376 | ---- | C] () -- C:\Users\LES WELCH\Desktop\d5tb1bmx.exe
[2010/03/01 23:38:29 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/03/01 19:04:32 | 004,194,872 | ---- | C] () -- C:\Users\LES WELCH\Desktop\awesome.zip
[2010/03/01 03:17:01 | 000,293,376 | ---- | C] () -- C:\Users\LES WELCH\Desktop\gmer.exe
[2010/03/01 03:16:09 | 000,284,915 | ---- | C] () -- C:\Users\LES WELCH\Desktop\gmer.zip
[2010/03/01 03:13:12 | 000,524,288 | ---- | C] () -- C:\Users\LES WELCH\Desktop\dds.scr
[2010/02/28 15:59:46 | 000,431,596 | ---- | C] () -- C:\Users\LES WELCH\Desktop\cost-acc8(2).pdf
[2010/02/28 15:58:56 | 000,431,596 | ---- | C] () -- C:\Users\LES WELCH\Desktop\cost-acc8.pdf
[2010/02/27 18:20:04 | 000,021,139 | ---- | C] () -- C:\Users\LES WELCH\Desktop\Homework 2.xlsx
[2010/02/27 05:39:05 | 000,781,909 | ---- | C] () -- C:\Users\LES WELCH\Desktop\RSIT.exe
[2010/02/26 18:58:28 | 283,033,718 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/02/26 03:34:56 | 000,192,700 | ---- | C] () -- C:\Users\LES WELCH\Desktop\Remove Fake Antivirus.exe
[2010/02/26 01:37:14 | 000,465,693 | ---- | C] () -- C:\Users\LES WELCH\Desktop\noscript-1.9.9.47.xpi
[2010/02/26 01:34:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/02/26 01:34:14 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/02/25 18:40:40 | 000,368,340 | ---- | C] () -- C:\Users\LES WELCH\Desktop\oskaronedesigns_Balmainss09sandals.rar
[2010/02/22 13:22:16 | 000,017,901 | ---- | C] () -- C:\Users\LES WELCH\Documents\SC_Word_2a_MichelleWelch_2.docx
[2010/01/23 15:14:33 | 000,032,251 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/01/23 07:09:24 | 000,032,251 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/10 23:55:58 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009/10/21 00:05:34 | 000,339,968 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2009/10/21 00:05:34 | 000,114,688 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2009/09/17 19:41:03 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/10/07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/07/14 08:59:33 | 000,017,089 | ---- | C] () -- C:\Users\LES WELCH\AppData\Roaming\UserTile.png
[2008/06/30 00:18:29 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/06/30 00:18:29 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/06/30 00:18:29 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/05/14 21:05:06 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2008/03/20 01:02:03 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2008/02/27 03:11:29 | 000,000,097 | ---- | C] () -- C:\Users\LES WELCH\AppData\Local\fusioncache.dat
[2008/01/30 12:52:23 | 000,001,356 | ---- | C] () -- C:\Users\LES WELCH\AppData\Local\d3d9caps.dat
[2008/01/22 03:20:19 | 000,000,628 | ---- | C] () -- C:\Windows\System32\PCI_VEN_1102&DEV_FF05&SUBSYS_00001102.ini
[2008/01/22 03:20:17 | 000,101,376 | ---- | C] () -- C:\Windows\System32\APOMngr.dll
[2008/01/22 03:20:17 | 000,066,560 | ---- | C] () -- C:\Windows\System32\CmdRtr.dll
[2008/01/01 19:16:18 | 000,058,368 | ---- | C] () -- C:\Users\LES WELCH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/02 04:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/06/23 08:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2008/01/28 12:06:23 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\acccore
[2009/08/26 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Bioshock
[2009/09/12 03:18:48 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Braid
[2010/01/10 11:49:50 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Electronic Arts
[2009/12/24 20:13:28 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Games
[2008/02/02 19:07:04 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Leadertech
[2009/12/23 00:31:02 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\LucasArts
[2010/02/14 21:59:38 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Mount&Blade
[2008/09/27 21:13:16 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\My Games
[2009/11/11 04:56:09 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\runic games
[2009/04/19 22:37:28 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Slam Dunk Studios, LLC
[2009/06/13 04:11:21 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Smart Mod Manager
[2008/02/27 03:11:35 | 000,000,000 | ---D | M] -- C:\Users\LES WELCH\AppData\Roaming\Turbine
[2010/03/02 20:43:48 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010/03/03 15:15:41 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2008/04/11 07:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/18 23:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2008/01/22 10:50:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/22 10:50:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_8ed06b47\AGP440.sys
[2008/01/22 10:50:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=8B10CE1C1F9F1D47E4DEB1A547A00CD4 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.16400_none_b82caac9c18a4e3b\AGP440.sys
[2008/01/22 10:50:48 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=BF34B4A0E0B64440C5389AA6B902F4AD -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6000.20496_none_b85af81edaeb8461\AGP440.sys
[2006/11/02 01:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/10 22:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/18 23:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 01:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/01/22 10:51:08 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys
[2008/01/22 10:58:32 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5da5d093\atapi.sys
[2008/01/22 10:58:32 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=61CA2C1E145809813C28752298CF9843 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20580_none_db8503133dc1c2af\atapi.sys
[2008/01/22 10:58:32 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_6c3af7d3\atapi.sys
[2008/01/22 10:58:32 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=7EB55F6BEFB392BD312CD0CD5263305D -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16470_none_db063634249c06f4\atapi.sys
[2008/01/22 10:50:45 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_5a9555b4\atapi.sys
[2008/01/22 10:50:45 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=9E7E85EC61D1C9C3171CC08427108863 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20509_none_dbe4850d3d78c736\atapi.sys
[2008/01/22 10:51:08 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[2008/01/22 10:51:08 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys
[2008/02/13 03:03:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008/02/13 03:03:47 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008/02/13 03:03:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_64dfd8ea\atapi.sys
[2008/02/13 03:03:46 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 01:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/12/11 00:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Drivers\storage\R173412\IaStor.sys
[2007/12/11 00:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007/12/11 00:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
[2007/12/11 00:43:48 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_41af7b1f\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/18 23:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/18 23:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 01:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/10 22:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/18 23:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/18 23:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/18 23:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 01:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/10 22:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/04/10 22:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/10 22:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
< End of report >


#6 Ardente
  • Topic Starter
  • Members
  • 10 posts

Posted 03 March 2010 - 09:17 PM

The ESET log as requested.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=a3b3b94d9bed7c4282922523e3be7405
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-04 02:12:30
# local_time=2010-03-03 06:12:30 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 65740918 65740918 0 0
# compatibility_mode=5892 16776574 100 95 12088880 104267513 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=393171
# found=0
# cleaned=0
# scan_time=8764


#7 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 04 March 2010 - 08:22 AM

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.


How is your computer behaving now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#8 Ardente
  • Topic Starter
  • Members
  • 10 posts

Posted 04 March 2010 - 03:27 PM

Hey Sam, weirdly enough, now the redirects seem to only occur when I attempt to search the internet using google in the google toolbar. If I go directly to google through the Mozilla address bar I don't seem to have any problems anymore. Is it possible google toolbar was corrupted by the virus?

EDIT: Finally isolated the error that kept crashing Gmer when I was trying to run scans. It popped up spontaneously today after I rebooted from installing the Java JRE. For some reason I've never been able to actually see the text before today, just the icon on the system tray, error message finally visible today:

"Host process for windows services stopped working and was closed"
"A problem caused the application to stop working correctly. Windows will notify you if a solution is available."

Clicking close on this message gives me a prompt to search the windows update site for updates, however, I just get a page saying:

"The connection was reset
The connection to the server was reset while the page was loading.
* The site could be temporarily unavailable or too busy. Try again in a few
moments.
* If you are unable to load any pages, check your computer's network
connection.
* If your computer or network is protected by a firewall or proxy, make sure
that Firefox is permitted to access the Web."

Weirdly enough, I can access windows update from the start menu just fine, just can't get any result on the web involving windows update to display, no matter where I type it in to search. My windows is also fully up to date atm, so scratch that as a problem.

Edited by Ardente, 04 March 2010 - 04:07 PM.


#9 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 05 March 2010 - 08:11 PM

Let's take a closer look.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.



#10 Ardente
  • Topic Starter
  • Members
  • 10 posts

Posted 06 March 2010 - 08:50 AM

Here ya go Sam, the log for combofix.

ComboFix 10-03-05.02 - LES WELCH 03/06/2010 5:13.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3069.2095 [GMT -8:00]
Running from: c:\users\LES WELCH\Desktop\ComboFix.exe
AV: PC-cillin Internet Security - Virus Protection *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: PC-cillin Internet Security - Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: PC-cillin Internet Security - Spyware Protection *disabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2737654320-1527788783-2857801905-500
C:\install.exe
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\SIntf16.dll

----- BITS: Possible infected sites -----

hxxp://theinputonline.com
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-02-06 to 2010-03-06 )))))))))))))))))))))))))))))))
.

2010-03-06 13:24 . 2010-03-06 13:26 -------- d-----w- c:\users\LES WELCH\AppData\Local\temp
2010-03-06 13:24 . 2010-03-06 13:24 -------- d-----w- c:\users\IUSR_NMPR\AppData\Local\temp
2010-03-06 13:24 . 2010-03-06 13:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-04 20:12 . 2010-03-04 20:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-04 02:32 . 2010-03-04 02:32 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-03-03 23:43 . 2010-03-03 23:43 -------- d-----w- c:\program files\ESET
2010-03-03 23:00 . 2010-03-03 23:00 -------- d-----w- C:\_OTL
2010-02-27 13:39 . 2010-02-27 13:39 -------- d-----w- C:\rsit
2010-02-26 12:02 . 2010-02-26 12:02 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-26 09:34 . 2010-02-26 09:34 0 ----a-w- c:\windows\nsreg.dat
2010-02-26 09:34 . 2010-02-26 09:34 -------- d-----w- c:\users\LES WELCH\AppData\Local\Mozilla
2010-02-15 10:01 . 2010-02-15 10:01 -------- d-----w- c:\users\LES WELCH\AppData\Roaming\Malwarebytes
2010-02-15 10:01 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-15 10:01 . 2010-02-15 10:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-15 10:01 . 2010-02-15 10:01 -------- d-----w- c:\programdata\Malwarebytes
2010-02-15 10:01 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-15 09:14 . 2010-02-15 10:23 -------- d-----w- c:\users\LES WELCH\AppData\Local\jqceib
2010-02-15 05:29 . 2010-02-15 05:59 -------- d-----w- c:\users\LES WELCH\AppData\Roaming\Mount&Blade
2010-02-10 12:41 . 2009-12-08 20:01 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-10 12:41 . 2009-12-08 20:01 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-10 12:41 . 2009-12-11 11:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-02-10 12:41 . 2009-12-11 11:43 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-02-10 12:40 . 2009-12-08 20:01 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-10 12:40 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-02-10 12:40 . 2009-12-04 18:29 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-02-10 12:40 . 2009-12-04 18:30 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-02-10 12:40 . 2009-12-04 18:28 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-02-10 12:40 . 2009-12-04 18:28 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-02-10 12:40 . 2009-12-04 18:28 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-02-10 12:40 . 2009-12-04 18:28 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-02-10 12:40 . 2009-12-04 18:28 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-02-10 12:40 . 2009-12-04 18:28 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-02-10 12:40 . 2009-12-04 18:27 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-02-10 12:39 . 2009-12-04 15:56 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-10 12:39 . 2009-12-04 15:56 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-06 10:25 . 2010-02-06 10:25 25 ----a-w- c:\windows\popcinfot.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-06 13:26 . 2010-01-23 15:09 32251 ----a-w- c:\programdata\nvModes.dat
2010-03-06 13:24 . 2008-01-22 11:16 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-04 20:12 . 2008-01-22 11:17 -------- d-----w- c:\program files\Common Files\Java
2010-03-04 20:11 . 2008-01-22 11:17 -------- d-----w- c:\program files\Java
2010-02-28 02:11 . 2008-01-22 11:30 -------- d-----w- c:\programdata\Microsoft Help
2010-02-27 03:09 . 2009-12-12 10:41 -------- d-----w- c:\program files\Diablo II
2010-02-26 12:01 . 2008-02-16 18:33 -------- d-----w- c:\programdata\Lavasoft
2010-02-24 03:04 . 2008-01-02 02:47 78984 ----a-w- c:\users\LES WELCH\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-20 23:50 . 2008-01-30 20:52 1356 ----a-w- c:\users\LES WELCH\AppData\Local\d3d9caps.dat
2010-02-11 04:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-02-06 05:19 . 2008-01-30 22:33 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-02-02 08:58 . 2008-09-21 23:24 -------- d-----w- c:\users\LES WELCH\AppData\Roaming\U3
2010-02-02 03:47 . 2008-01-22 11:47 -------- d-----w- c:\program files\Google
2010-01-26 06:03 . 2008-05-29 20:26 -------- d-----w- c:\program files\MyDSC2
2010-01-25 12:00 . 2010-02-24 02:54 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:00 . 2010-02-24 02:54 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:00 . 2010-02-24 02:54 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:00 . 2010-02-24 02:54 471552 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 11:58 . 2010-02-24 02:54 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:21 . 2010-02-24 02:54 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:21 . 2010-02-24 02:54 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:21 . 2010-02-24 02:54 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:21 . 2010-02-24 02:54 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 23:14 . 2008-01-02 02:47 -------- d-----w- c:\programdata\NVIDIA
2010-01-23 09:26 . 2010-02-24 02:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-23 08:09 . 2008-01-02 08:10 -------- d-----w- c:\program files\Valve
2010-01-22 15:21 . 2009-10-06 03:58 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 23:15 . 2009-06-03 02:10 -------- d-----w- c:\programdata\Electronic Arts
2010-01-19 23:15 . 2010-01-19 23:15 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-19 23:14 . 2009-12-11 08:12 -------- d-----w- c:\programdata\Pure Networks
2010-01-17 08:01 . 2008-01-22 11:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-14 09:01 . 2010-01-14 09:01 -------- d-----w- c:\program files\The Sims Resource
2010-01-10 19:49 . 2010-01-10 19:49 -------- d-----w- c:\users\LES WELCH\AppData\Roaming\Electronic Arts
2010-01-10 10:19 . 2010-01-03 04:48 -------- d-----w- c:\program files\Electronic Arts
2010-01-06 15:39 . 2010-02-24 02:54 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-01-06 15:38 . 2010-02-24 02:54 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-01-06 13:30 . 2010-02-24 02:54 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-01-02 06:38 . 2010-01-21 23:07 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-21 23:07 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-21 23:07 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-21 23:07 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-19 12:01 . 2009-12-11 07:55 8892928 ----a-w- c:\programdata\atscie.msi
2009-12-12 11:06 . 2009-12-12 10:52 36043 ----a-w- c:\windows\DIIUnin.dat
2009-12-12 10:52 . 2009-12-12 10:52 94208 ----a-w- c:\windows\DIIUnin.exe
2009-12-12 10:52 . 2009-12-12 10:52 2829 ----a-w- c:\windows\DIIUnin.pif
2008-01-22 18:58 . 2008-01-22 18:50 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellAutomatedPCTuneUp"="c:\program files\DellAutomatedPCTuneUp\PTAgnt.exe" [2007-10-11 465136]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-22 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2006-11-21 1807960]
"NMSSupport"="c:\program files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2007-06-27 439512]
"CCUTRAYICON"="c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHFMSetLoginStatus.exe" [2007-04-24 86016]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-12-12 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-11 289576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-12 405504]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2009-04-08 467240]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-27 13789728]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

c:\users\LES WELCH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-1-22 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):e0,82,96,86,d8,44,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2737654320-1527788783-2857801905-1001]
"EnableNotificationsRef"=dword:00000002

R0 OCDE;ZTekWare Original CD Emulator Service;c:\windows\System32\Drivers\OCDE.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
R2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2007-06-27 36056]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 DHTRACE;Intel® DHTrace Controller;c:\program files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 39640]
R3 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2007-02-12 208896]
R3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-12-12 29744]
R3 NMSCore;Intel® NMSCore;c:\program files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe [2007-06-27 317656]
R3 QualityManager;Intel® Quality Manager;c:\program files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe [2007-06-27 272600]
S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-03-06 20376]
S2 nmsunidr;UniDriver for NMS;c:\windows\system32\DRIVERS\nmsunidr.sys [2007-02-19 5376]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-11-09 345696]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2006-11-09 923216]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-11-27 36368]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2006-11-09 566872]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 IntelDH;IntelDH Driver;c:\windows\system32\Drivers\IntelDH.sys [2008-01-22 5632]
S3 PPJoyBus;Parallel Port Joystick Bus device driver;c:\windows\system32\drivers\PPJoyBus.sys [2003-08-10 11330]
S3 PPortJoystick;Parallel Port Joystick device driver;c:\windows\system32\drivers\PPortJoy.sys [2003-08-10 21922]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2006-11-09 280392]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 03:47]

2010-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 03:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080122
uInternet Settings,ProxyServer = proxy-server.san.rr.com:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
Trusted Zone: callutheran.edu\apple
Trusted Zone: callutheran.edu\bblearn
Trusted Zone: turbotax.com
FF - ProfilePath - c:\users\LES WELCH\AppData\Roaming\Mozilla\Firefox\Profiles\1wm3t0bd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080122
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Start WingMan Profiler - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-NoteBurner - c:\program files\NoteBurner\VTBurnerGUI.exe
HKLM-Run-TuneClone - c:\program files\TuneClone\TuneClone.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
AddRemove-82A44D22-9452-49FB-00FB-CEC7DCAF7E23 - c:\program files\EA SPORTS\EA SPORTS online\EASOUNInstaller.exe
AddRemove-Unofficial Oblivion Patch_is1 - c:\bethesda softworks\Oblivion\Unofficial Oblivion Patch\unins000.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(5044)
c:\program files\Pure Networks\Network Magic\nmrsrc.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\progra~1\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\STacSV.exe
c:\program files\XPSMiniViewGadget\XPSMiniViewGadget.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-03-06 05:38:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-06 13:38

Pre-Run: 109,456,887,808 bytes free
Post-Run: 109,465,128,960 bytes free

- - End Of File - - 354366B822DE4B8E5FFB2C7239F7BD4D


#11 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 06 March 2010 - 03:02 PM

Aha, that should make a difference. How are things now?
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#12 Ardente

Ardente
  • Topic Starter

  • Members
  • 10 posts

Posted 06 March 2010 - 06:50 PM

Hey Sam, I think you nailed it. Web searches seem to be back to normal and I haven't seen a system task crash since the ComboFix reboot. It also seems a little faster over the web, even though that's rather difficult to determine. I'll keep using this thing for the next day or so just to make sure all the kinks have been worked out, but early reports are looking good! I'll get back to you in a day or so just to confirm it's still working fine. Thanks for the help!

#13 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 08 March 2010 - 08:03 AM

Ok, just let me know and I'll post some final steps for you.

#14 Ardente

Ardente
  • Topic Starter

  • Members
  • 10 posts

Posted 08 March 2010 - 08:43 AM

Yup, it seems to be back to 100%, no problems at all to report.

#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 08 March 2010 - 08:44 AM

Sounds good!


We need to remove Combofix now that we're done with it.
  • Click Start -> Run
  • Now type Combofix /uninstall in the runbox and click OK


==================



Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Disable and Enable System Restore. - You should disable and re-enable System Restore to make sure there are no infected files left over in a restore point from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide

    Windows Vista System Restore Guide

    Re-enable System Restore using the instructions from the appropriate tutorial above.

  2. Use an AntiVirus Software - It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  3. Update your AntiVirus Software - It is imperative that you update your antivirus software at least once a week (even more often if you wish). If you do not update your antivirus software, it will not be able to catch any of the new variants that may come out.

  4. Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  5. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  6. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real-time spyware and hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis, just as you would with antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  7. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites to your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  8. Install Malwarebytes - Malwarebytes has free and paid versions of the program that can identify and remove malicious software from your computer.

    Download Malwarebytes from here.

  9. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.




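The hygiene list above, as an added example that is not part of the original thread and is not ComboFix's own code: a Windows PowerShell script (assumes Windows Vista/7 or later with Windows PowerShell, run from an elevated prompt; the drive letter C:\ and the restore-point description are assumptions) that carries out step 1, resetting System Restore so that no restore point taken during the infection survives, and then goes slightly beyond the list by checking the state of the firewall profiles from step 4 and reading back the per-user proxy value that the ComboFix log above shows under "uInternet Settings".

```powershell
# Added example, not from the original post. Windows PowerShell on a client
# OS (the *-ComputerRestore cmdlets are not available on Windows Server).
# Run from an elevated prompt. $SystemDrive is an assumption.

$SystemDrive = "C:\"

function Reset-RestorePoints {
    # Step 1 of the list: disabling System Restore on a drive discards every
    # restore point stored on it; re-enabling it starts a clean history.
    param([string]$Drive)

    $before = @(Get-ComputerRestorePoint)
    Write-Host ("Restore points before reset: {0}" -f $before.Count)

    Disable-ComputerRestore -Drive $Drive
    Enable-ComputerRestore  -Drive $Drive

    # Take a fresh baseline so there is a known-clean point to roll back to.
    # (Description text is an assumption.)
    Checkpoint-Computer -Description "Post-malware-cleanup baseline" `
                        -RestorePointType MODIFY_SETTINGS

    $after = @(Get-ComputerRestorePoint)
    Write-Host ("Restore points after reset:  {0}" -f $after.Count)
}

function Test-FirewallProfiles {
    # Step 4 of the list: netsh prints a "State ON/OFF" line per profile
    # (Domain, Private, Public). Any profile reporting OFF is a finding.
    $state = netsh advfirewall show allprofiles state
    $off   = $state | Select-String -Pattern 'State\s+OFF'
    if ($off) {
        Write-Warning ("A firewall profile is OFF:`n" + ($off -join "`n"))
    } else {
        Write-Host "All firewall profiles report State ON"
    }
}

function Get-UserProxySetting {
    # The ComboFix log lists "uInternet Settings,ProxyServer = ..." for the
    # current user. A proxy or auto-config URL you did not set yourself is
    # worth reviewing after a search-redirect infection, since it sits in
    # the path of every browser request.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $p   = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = $p.ProxyEnable     # 1 = proxy in use, 0 = direct
        ProxyServer   = $p.ProxyServer     # host:port, blank if none
        AutoConfigURL = $p.AutoConfigURL   # PAC script URL, blank if none
    }
}

Reset-RestorePoints -Drive $SystemDrive
Test-FirewallProfiles
Get-UserProxySetting | Format-List
```

Two caveats a practitioner would want: on Windows 8 and later, Checkpoint-Computer silently skips creating a restore point if one was already created in the previous 24 hours, so check the "after" count rather than assuming the baseline exists; and a proxy entry is not evidence of compromise by itself (the one in the log above points at an ISP host), so compare it against what you or your ISP actually configured before removing it.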



