McAfee Security Centre won't load, Google sidebar and other problems


  • This topic is locked
26 replies to this topic

#1 speedycar53


Posted 23 July 2010 - 06:26 AM

Hello,

I have a DELL laptop running Vista SP2 and McAfee security centre. Recently I got a message from Windows Defender to say I have not got an antivirus program. Well, I have always been running McAfee Security Centre provided in association with BT Yahoo and there was still an icon in the notification tray. However, right clicking the icon no longer had any effect. Trying to run from start programs likewise. On restarting the m/c I had some strange messages from Google sidebar gadgets that could not load - I disabled the sidebar. The desktop appeared to reload itself with a brief black screen several times on startup which I don't think is normal. I thought about reinstalling McAfee but the remove programs would do nothing other than open a McAfee window with no content displayed inside. Trying to run the McAfee virtual technician tool from the web had a similar result.

Resorted to your forums at this point!

Since then I have tried to run GMER but this resulted in a BSOD. It also failed in safe mode.

I therefore ran ComboFix (realise belatedly that I may have been jumping the gun here). It ran to completion and I attach the ComboFix log it produced. It seems to have deleted a log file of some sort and cleared the notification tray of quite a few icons including the McAfee icon. I have switched Windows Defender Malware scanning back on and Windows firewall is now enabled. I have restarted the m/c to see what else is different and the offending McAfee icon and the other ones returned. However, I could now uninstall McAfee using Windows functionality which allowed me to reinstall it. Windows Defender now happy that I have antivirus and using McAfee firewall. I am currently doing a full scan to see if it finds anything but am reluctant to do anything further without further guidance. Do I need to uninstall the Google add-ins (sidebar) and reinstall or can I just reenable them? Do I need to try other malware scanners for good measure? Did ComboFix actually fix anything sinister or everything? How do I clean up my system of the tools I have installed?


Edited by speedycar53, 23 July 2010 - 09:27 AM.




#2 m0le

  • Malware Response Team

Posted 31 July 2010 - 07:06 AM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 speedycar53

  • Topic Starter

Posted 31 July 2010 - 07:19 AM

Hi m0le,

I am here and looking forward to some help.

#4 m0le


Posted 31 July 2010 - 11:52 AM

Combofix removed a .log file. Nothing else there at all but it might be an idea to have a look round now you're here.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Then


Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

Thanks

#5 speedycar53


Posted 01 August 2010 - 11:17 AM

Hi m0le

Have completed your instructions. Malwarebytes found nothing but SuperAntispyware found loads of tracking cookies. Not sure that there is anything terribly sinister though. Maybe that's a good thing!

Logs as follows:

Malwarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4376

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

01/08/2010 12:18:09
mbam-log-2010-08-01 (12-18-09).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 281698
Time elapsed: 1 hour(s), 28 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




and the SuperAntispyware log:


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/01/2010 at 02:27 PM

Application Version : 4.41.1000

Core Rules Database Version : 5297
Trace Rules Database Version: 3109

Scan type : Complete Scan
Total Scan Time : 01:36:43

Memory items scanned : 822
Memory threats detected : 0
Registry items scanned : 8827
Registry threats detected : 0
File items scanned : 149858
File threats detected : 402

Adware.Tracking Cookie
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@mediaforgews[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@mediaonenetwork[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@mediaplex[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@mediatraffic[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@men.122.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@metroleap.rotator.hadj7.adjuggler[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@microsoftgamestudio.112.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@microsoftinternetexplorer.112.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@microsoftwindows.112.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@mobilefun.112.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@msnaccountservices.112.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@msnportal.112.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@myroitracking[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@myticketmarket.112.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@network.realmedia[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@newsquestdigitalmedia.122.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@nextag.co[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@nike.112.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@oddcast[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@optimize.indieclick[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@overture[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@perf.overture[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@phones4ultd.112.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@pluckit.demandmedia[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@pointroll[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@pr.valueclick[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@premiumtv.122.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@pro-market[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@qksrv[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@questionmarket[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@realmedia[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@researchinmotion.122.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@revenue[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@revsci[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@revsci[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@richmedia.yahoo[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@roiservice[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@rotator.adjuggler[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@sales.liveperson[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@sales.liveperson[3].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@sales.liveperson[4].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@saletrack.co[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@samsungfunclub.122.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@scottcountry.co[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@server.cpmstar[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@server.iad.liveperson[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@server.iad.liveperson[5].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@server.iad.liveperson[6].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@server.iad.liveperson[7].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@server.iad.liveperson[8].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@server.iad.liveperson[9].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@server.lon.liveperson[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@server.lon.liveperson[3].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@serving-sys[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@serving-sys[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@serving-sys[3].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@smartadserver[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@sonyeurope.112.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@specificclick[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@specificmedia[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@stat.dealtime[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@stat.onestat[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@stat.youku[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@statcounter[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@stats.centralaccountservice[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@stats.honestjohn.co[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@stats.matraxis[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@statse.webtrendslive[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@tacoda[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@test.coremetrics[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@theberricscanteen[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@thefind[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@toplist[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@toyfinder.org[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@track.adform[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@track.affilibid[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@track.effiliation[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@track.webgains[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@tracker.roitesting[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@tracking.summitmedia.co[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@tradedoubler[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@traffic.buyservices[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@trafficmp[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@traveladvertising[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@tribalfusion[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@tripod[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@trvlnet.adbureau[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@ufindus[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@uk.at.atwola[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@valueclick[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@viacom.adbureau[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@videoegg.adbureau[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@virtualfestival.w00tmedia[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@we7.adbureau[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@webo.solution.weborama[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@weborama[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@ww251.smartadserver[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@ww57.smartadserver[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@wwf.122.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.3dstats[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.3pintracking[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.adxtrack[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.backcountry[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.burstbeacon[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.burstnet[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.cdiscount.co[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.clash-media[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.discountbicycles.co[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.etracker[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.goimedia.co[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.googleadservices[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.googleadservices[3].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.googleadservices[4].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.googleadservices[5].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.harborcountrybike[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.holiday-property-finder.co[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.intelli-tracker[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.scottcountry.co[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.smartadserver[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@www.vertadnet[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@xiti[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@yadro[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@yahooflickr.112.2o7[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@yieldmanager[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@yieldmanager[3].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\Low\matt@zedo[2].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\matt@atdmt[1].txt
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Cookies\matt@serving-sys[1].txt

Adware.Flash Tracking Cookie




Await your response.....



#6 m0le

Posted 01 August 2010 - 05:15 PM

That's a good thing that there's nothing there.


One more check with ESET's online scanner
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

#7 speedycar53

Posted 02 August 2010 - 06:27 AM

Hmmm... seems to have found and removed some nasties this time.

Log follows.

C:\Users\Matt\AppData\Local\elogicey.dll a variant of Win32/Cimag.CK trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Matt\AppData\Local\xrmsont.dll a variant of Win32/Cimag.DA trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Matt\AppData\Local\Temp\NODBDB7.tmp a variant of Win32/Cimag.CK trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Matt\AppData\Local\Temp\NODC344.tmp a variant of Win32/Cimag.DA trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Matt\AppData\Local\Temp\Low\0.2581376461910778.exe a variant of Win32/Cimag.DA trojan cleaned by deleting - quarantined
C:\Users\Matt\AppData\Local\Temp\Low\oricon-update.exe a variant of Win32/Cimag.DA trojan cleaned by deleting - quarantined

On restart now reports errors trying to load the 2 dlls that were deleted as above.

Await further instructions.

Edited by speedycar53, 02 August 2010 - 10:47 AM.


#8 m0le

Posted 02 August 2010 - 05:32 PM

There's certainly been some activity here. Only the trojans and temporary files remain so still nothing that awful.

Can you run Dr Web and then let me know which symptoms still exist?

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)



#9 speedycar53

Posted 03 August 2010 - 10:09 AM

Tried following your instructions but it didn't quite go to plan...

Scan initiated OK in Safe Mode as requested BUT... when it encountered an infected archive, a popup window appeared there and then asking if I wanted to move it so I clicked YES. The scan continued to its conclusion at which point I was NOT presented with any option to Select All - Cure > Move incurable (buttons greyed out). So, presuming it had already done this earlier, I clicked to save the report list at which point the program crashed with a blue screen, did a memory dump and rebooted!

No file called DrWeb.csv but the help file in DrWeb mentioned the location of the quarantine folder and a log file, so using explorer, I located the quarantine folder and a very large file called CureIt.log listing it seems every file / location scanned (about 12.5MB in total). You probably wouldn't thank me for trying to post this so I haven't!

I had made a note of the description of the infections that showed up whilst scanning. The scanner found two instances of an infection it described as exploit.java.87 in the above archive. There was a third entry for the archive itself.

What I have also noted is the details of what I deduce from the contents of a file contained in the quarantine folder called "descript.ion" to be the details of the original file location as follows:

C:\Users\Matt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\12c3c7b0-68554897

Could not find reference to this path or filename when I searched for it in the log file itself though.

The following are the statistics which I managed to find by searching the enormous log file:

-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Scanned: 293413
Infected: 3
Modifications: 0
Suspicious: 0
Adware: 0
Dialers: 0
Jokes: 0
Riskware: 0
Hacktools: 0
Cured: 0
Deleted: 0
Renamed: 0
Moved: 1
Ignored: 0
Scan speed: 184 Kb/s
Scan time: 3:18:54

Booting up now still gives the errors unable to load the two dll files removed by the earlier scan so something wants to use them! However, no obvious consequences of their absence otherwise.

The boot sequence still seems a bit strange too. The desktop loads (without getting to the stage of loading Google sidebar), goes to black screen and reloads.

Is that enough info for you?

Where to from here?

Edited by speedycar53, 03 August 2010 - 10:42 AM.


#10 m0le

Posted 03 August 2010 - 05:57 PM

You have malware registry entries remaining and it is attempting to load dll files which have been removed by previous security program runs.

We should be able to find these using an OTL run
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Edited by m0le, 03 August 2010 - 05:58 PM.

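Reply #10 describes autorun entries that still point at the DLLs ESET deleted in reply #7. The following is an added example, not part of the thread and not any tool used in it: a Python script that parses the ESET lines as posted and flags autorun commands that reference a removed file. The autorun entries, their value names and the `Startup` export name are constructed for illustration; in practice they would come from a registry export or a scan log.

```python
import ntpath
import re

# ESET Online Scanner results exactly as posted in reply #7 of this thread.
ESET_LOG = r"""
C:\Users\Matt\AppData\Local\elogicey.dll a variant of Win32/Cimag.CK trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Matt\AppData\Local\xrmsont.dll a variant of Win32/Cimag.DA trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Matt\AppData\Local\Temp\NODBDB7.tmp a variant of Win32/Cimag.CK trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Matt\AppData\Local\Temp\NODC344.tmp a variant of Win32/Cimag.DA trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\Matt\AppData\Local\Temp\Low\0.2581376461910778.exe a variant of Win32/Cimag.DA trojan cleaned by deleting - quarantined
C:\Users\Matt\AppData\Local\Temp\Low\oricon-update.exe a variant of Win32/Cimag.DA trojan cleaned by deleting - quarantined
"""

# CONSTRUCTED sample autorun entries (key, value name, command). The first two
# imitate leftovers that load a deleted DLL; the last two use program paths
# that appear in the OTL process list and should not be flagged.
RUN = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
AUTORUNS = [
    (RUN, "constructed-1", r'rundll32.exe "C:\Users\Matt\AppData\Local\ELOGICEY.DLL",Startup'),
    (RUN, "constructed-2", r'rundll32.exe c:\users\matt\appdata\local\xrmsont.dll,Startup'),
    (RUN, "constructed-3", r'"C:\Program Files\Dell\QuickSet\quickset.exe"'),
    (RUN, "constructed-4", r'C:\Program Files\DellTPad\Apoint.exe'),
]

# <path> [a variant of] <Platform/Name> <kind> <action text>
ESET_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?)\s+(?:a variant of\s+)?'
    r'(?P<threat>\w+/[\w.]+)\s+(?P<kind>\w+)\s+(?P<action>.+)$')

# Any drive-letter path ending in a short extension, quoted or not.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<>|,*?\r\n]+?\.[A-Za-z0-9]{2,4}(?![\w.])')


def norm(path):
    """Windows paths compare case-insensitively; normalise before matching."""
    return ntpath.normcase(ntpath.normpath(path))


def parse_eset(log_text):
    """Return one dict per detection line; unparseable lines are skipped."""
    detections = []
    for line in log_text.splitlines():
        match = ESET_RE.match(line.strip())
        if not match:
            continue
        detections.append({
            "path": match.group("path"),
            "threat": match.group("threat"),
            "kind": match.group("kind"),
            # Files locked at scan time are only removed on the next boot.
            "pending_reboot": "after the next restart" in match.group("action"),
        })
    return detections


def orphaned_autoruns(log_text, autoruns):
    """Autorun entries whose command references a file the scanner removed."""
    removed = {norm(d["path"]): d for d in parse_eset(log_text)}
    hits = []
    for key, name, command in autoruns:
        for target in PATH_RE.findall(command):
            detection = removed.get(norm(target))
            if detection:
                hits.append({
                    "key": key,
                    "value": name,
                    "target": target,
                    "threat": detection["threat"],
                    "pending_reboot": detection["pending_reboot"],
                })
    return hits


if __name__ == "__main__":
    for hit in orphaned_autoruns(ESET_LOG, AUTORUNS):
        print(f'{hit["key"]} [{hit["value"]}] -> {hit["target"]} ({hit["threat"]})')
```

Each flagged entry is a startup value to review and remove, which is what stops the "unable to load" errors at boot.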

#11 speedycar53

Posted 04 August 2010 - 03:57 AM

Here are the scan results and I can see there are registry entries to run the offending dlls. Doubtless there is more besides...

I feel a spot of regedit coming on! Look forward to further guidance.

I guess you have your preferred tools and process but if at all useful, I have a fully licenced (for 3 m/cs) current version of PCTools Registry Mechanic but haven't used it on this m/c - was planning to do so before this problem cropped up.

OTL.txt

OTL logfile created on: 04/08/2010 09:37:02 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Matt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 156.42 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.39 Gb Free Space | 43.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT-PC
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\MSC\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
PRC - C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)


========== Modules (SafeList) ==========

MOD - C:\Users\Matt\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
MOD - c:\Program Files\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (DFUBTUSB) -- C:\Windows\System32\Drivers\frmupgr.sys File not found
DRV - (catchme) -- C:\Users\Matt\AppData\Local\Temp\catchme.sys File not found
DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (BCM43XX) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation)
DRV - (BCM42RLY) -- C:\Windows\System32\drivers\bcm42rly.sys (Broadcom Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (OEM02Vfx) -- C:\Windows\System32\drivers\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM02Dev) -- C:\Windows\System32\drivers\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/24 18:37:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/07/23 18:03:01 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/07/23 09:48:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100723133652.dll (McAfee, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\System32\WLTRAY.EXE (Dell Inc.)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe (Corel, Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [Kwocavohiyesupah] C:\Users\Matt\AppData\Local\elogicey.DLL File not found
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [Njidivikik] C:\Users\Matt\AppData\Local\xrmsont.DLL File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = C:\Program Files\BBC iPlayer Desktop\BBC iPlayer Desktop.exe ()
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-internet-signup {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll ()
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/04 09:35:02 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2010/08/03 10:27:24 | 000,000,000 | ---D | C] -- C:\Users\Matt\DoctorWeb
[2010/08/02 10:32:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/08/01 18:40:15 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{B5C54410-B16B-40F3-9560-04EC910DF6CD}
[2010/08/01 12:29:38 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\SUPERAntiSpyware.com
[2010/08/01 12:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/08/01 12:29:33 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/01 12:27:54 | 009,190,248 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Matt\Desktop\SUPERAntiSpyware.exe
[2010/08/01 10:48:54 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
[2010/08/01 10:48:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/01 10:48:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/01 10:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/01 10:48:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/01 10:46:43 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Matt\Desktop\mbam-setup-1.46.exe
[2010/07/23 18:56:46 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Registry Mechanic
[2010/07/23 17:33:31 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Promosoft Corporation
[2010/07/23 17:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/07/23 17:12:21 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\My Google Gadgets
[2010/07/23 13:36:52 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2010/07/23 13:36:35 | 000,160,720 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
[2010/07/23 13:36:34 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2010/07/23 13:36:34 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010/07/23 13:36:33 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2010/07/23 13:36:33 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2010/07/23 13:36:32 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2010/07/23 13:36:32 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2010/07/23 13:36:21 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/07/23 09:54:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/07/23 09:54:06 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/07/23 09:33:21 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/07/23 09:33:21 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/07/23 09:33:21 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/07/23 09:33:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/23 09:33:10 | 000,000,000 | ---D | C] -- C:\comfix.exe
[2010/07/23 09:32:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/23 09:32:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/07/23 09:07:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/07/22 19:15:38 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files - Modified Within 30 Days ==========

[2010/08/04 09:41:25 | 002,883,584 | -HS- | M] () -- C:\Users\Matt\NTUSER.DAT
[2010/08/04 09:35:16 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe
[2010/08/04 09:31:40 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{7C3353E9-F334-4521-8175-DF4E1093AAB7}.job
[2010/08/04 09:31:12 | 000,000,900 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk
[2010/08/04 09:30:48 | 000,001,737 | ---- | M] () -- C:\Users\Public\Desktop\BT NetProtect Plus.lnk
[2010/08/04 09:30:42 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/04 09:30:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/04 09:30:37 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/04 09:30:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/04 09:30:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/04 09:30:29 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/03 21:00:38 | 000,524,288 | -HS- | M] () -- C:\Users\Matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010/08/03 21:00:38 | 000,065,536 | -HS- | M] () -- C:\Users\Matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/08/03 21:00:28 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/08/03 21:00:07 | 002,587,753 | -H-- | M] () -- C:\Users\Matt\AppData\Local\IconCache.db
[2010/08/03 17:19:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/03 14:38:49 | 193,986,550 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/08/03 10:22:40 | 048,116,800 | ---- | M] () -- C:\Users\Matt\Desktop\drweb-cureit.exe
[2010/08/02 12:21:31 | 000,000,120 | ---- | M] () -- C:\Users\Matt\AppData\Local\Qjocusuk.dat
[2010/08/02 10:18:43 | 000,000,000 | ---- | M] () -- C:\Users\Matt\AppData\Local\Ogukanuperam.bin
[2010/08/01 12:29:35 | 000,001,802 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/01 12:27:54 | 009,190,248 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Matt\Desktop\SUPERAntiSpyware.exe
[2010/08/01 10:48:47 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/01 10:46:43 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Matt\Desktop\mbam-setup-1.46.exe
[2010/07/29 17:02:30 | 000,010,005 | ---- | M] () -- C:\Users\Matt\Documents\Comparison of two volcanic case studies.docx
[2010/07/27 14:54:39 | 000,010,889 | ---- | M] () -- C:\Users\Matt\Documents\Personal Statement.docx
[2010/07/25 21:29:22 | 000,697,154 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/25 21:29:22 | 000,604,520 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/25 21:29:22 | 000,107,796 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/23 18:04:40 | 000,024,576 | ---- | M] () -- C:\Users\Matt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/23 11:46:53 | 000,050,477 | ---- | M] () -- C:\Users\Matt\Desktop\Defogger.exe
[2010/07/23 09:48:50 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/07/23 09:48:38 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/23 09:29:44 | 003,741,082 | R--- | M] () -- C:\Users\Matt\Desktop\comfix.exe.exe
[2010/07/23 08:56:07 | 000,293,376 | ---- | M] () -- C:\Users\Matt\Desktop\1ns0s6fj.exe
[2010/07/06 17:42:18 | 000,524,288 | -HS- | M] () -- C:\Users\Matt\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

========== Files Created - No Company Name ==========

[2010/08/03 15:25:14 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/03 10:22:40 | 048,116,800 | ---- | C] () -- C:\Users\Matt\Desktop\drweb-cureit.exe
[2010/08/01 18:40:18 | 000,000,120 | ---- | C] () -- C:\Users\Matt\AppData\Local\Qjocusuk.dat
[2010/08/01 18:40:18 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Local\Ogukanuperam.bin
[2010/08/01 12:29:35 | 000,001,802 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/01 10:48:47 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/29 17:02:28 | 000,010,005 | ---- | C] () -- C:\Users\Matt\Documents\Comparison of two volcanic case studies.docx
[2010/07/27 14:14:00 | 000,010,889 | ---- | C] () -- C:\Users\Matt\Documents\Personal Statement.docx
[2010/07/24 15:25:37 | 000,001,737 | ---- | C] () -- C:\Users\Public\Desktop\BT NetProtect Plus.lnk
[2010/07/23 11:46:52 | 000,050,477 | ---- | C] () -- C:\Users\Matt\Desktop\Defogger.exe
[2010/07/23 09:33:21 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/07/23 09:33:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/07/23 09:33:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/07/23 09:33:21 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/07/23 09:33:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/07/23 09:29:31 | 003,741,082 | R--- | C] () -- C:\Users\Matt\Desktop\comfix.exe.exe
[2010/07/23 09:07:29 | 193,986,550 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/07/23 08:56:03 | 000,293,376 | ---- | C] () -- C:\Users\Matt\Desktop\1ns0s6fj.exe
[2010/06/12 15:37:56 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2009/09/01 20:40:54 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009/09/01 20:40:54 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/01 12:45:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/07 14:05:45 | 000,000,175 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI
[2008/11/21 22:18:20 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/11/21 22:18:20 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/11/21 22:18:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/11/21 22:18:20 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/11/21 22:18:20 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/11/21 22:18:17 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/11/21 14:45:31 | 000,055,808 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/10/25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/06/12 15:38:13 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Atari
[2010/01/19 20:14:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/07/23 18:56:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Registry Mechanic
[2009/09/05 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Samsung
[2010/08/03 21:00:28 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/04 09:31:40 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{7C3353E9-F334-4521-8175-DF4E1093AAB7}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >

And now for Extras.txt:


OTL Extras logfile created on: 04/08/2010 09:37:02 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Matt\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 46.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.28 Gb Total Space | 156.42 Gb Free Space | 71.01% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 4.39 Gb Free Space | 43.90% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MATT-PC
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1995066719-2727565765-2462156929-1000]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{008A91C2-B24F-4601-9594-8007C57B85D0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{0FD49E05-3CC4-40D4-8484-90CE27F2528E}" = rport=138 | protocol=17 | dir=out | app=system |
"{25665BBE-46A4-46EA-A1E7-5A930083B15A}" = rport=137 | protocol=17 | dir=out | app=system |
"{467F685C-A152-4F59-876F-5B0EDA9DA4D8}" = lport=445 | protocol=6 | dir=in | app=system |
"{68C24BED-337F-4A5C-AF72-F17085C06A86}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{757D9262-953A-4161-BA10-41A428ABD508}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8E92CB99-82AB-4661-820A-6D253C6CFA33}" = lport=137 | protocol=17 | dir=in | app=system |
"{98658912-B016-451A-8EBA-9753026FC5C4}" = lport=138 | protocol=17 | dir=in | app=system |
"{9D9A5C2F-2487-4AF1-BB6A-D796E14D711D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{AE7588DF-B2AD-41D3-92C5-06083DF76436}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EE07D6ED-9B6D-480A-8174-2F6BC4FE8837}" = rport=445 | protocol=6 | dir=out | app=system |
"{F7A1CCCF-5EB9-4645-BEF3-64480D139DED}" = rport=139 | protocol=6 | dir=out | app=system |
"{FD233701-81EF-4E1B-87F6-FF5DF57DAFA6}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1BD855B5-1497-4E24-89B9-8551E95A16E7}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{1C170EA4-21D0-442F-A219-466AC943B321}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{23C8FAF0-7004-49FB-A3E7-EE0855DC9BD6}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{28D16019-0104-4BB8-9F86-09AD845195FC}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{3197B5A2-C1EB-45FE-BEE7-82AD7068A594}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{47181B50-E3B3-4FF5-97D3-C7F8DDB7A5EF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{57374FB8-C1FB-4055-AB36-085291AF48B1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{704BB5B4-CE5F-4707-99D2-120666F27C7F}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{70BAD410-AD23-45D3-92D0-87B12DA01627}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{790537BE-62E4-483F-A10D-DDA183FB8AC9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7A8ED549-27CF-49A5-BA66-8A4324237788}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{7AF07737-63A9-4350-A697-1C6B19D5E025}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{822DFBEF-B433-4476-B84D-335295E71A26}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{8B873F56-0C45-480D-903B-5C17C58B1F93}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{A80D08C0-77F0-4854-A33B-3A00C0EEAACE}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{A88E74F0-9208-4698-A435-A13795F47C39}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{D2236CB4-8939-467A-8C89-2AED53567BE4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D56B8F53-065A-4BCC-95D8-5DC9C8D9C8E0}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{D7689629-0B98-4DAB-9C4F-21FE72BE4EB0}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{DC245B5F-4285-4957-BAF6-06212EE24779}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DF5EC8D0-CF77-4917-B44E-5A7193CBDDDA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{58B2B6D3-E5FF-4D16-87AC-52CC5717C7C6}" = Tiscali Internet
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{6FFB40A5-7F7D-4A32-8905-3CDF962EE1E4}" = Internet From BT
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{78225D0F-D12C-09E4-5D6D-A64D763E8982}" = BBC iPlayer Desktop
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon® 3
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B935C985-A17F-484B-8470-09E4FC27DC26}" = Dell-eBay
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EA926717-CE5A-4CB4-AB21-9E6E9565A458}" = RCT3 Soaked
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1" = BBC iPlayer Desktop
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"ENTERPRISER" = Microsoft Office Enterprise 2007
"ESET Online Scanner" = ESET Online Scanner v3
"GameSpy Arcade" = GameSpy Arcade
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{D7D50E0C-27DD-4999-BC05-E026B580F93A}" = Electronic Arts Product Registration
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = BT NetProtect Plus
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 30/07/2010 12:24:38 | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/07/2010 14:16:42 | Computer Name = Matt-PC | Source = EventSystem | ID = 4622
Description =

Error - 30/07/2010 14:53:20 | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 30/07/2010 15:06:55 | Computer Name = Matt-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 30/07/2010 15:57:46 | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/07/2010 05:53:48 | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/07/2010 06:19:06 | Computer Name = Matt-PC | Source = Google Update | ID = 20
Description =

Error - 31/07/2010 08:53:18 | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

Error - 31/07/2010 09:18:26 | Computer Name = Matt-PC | Source = EventSystem | ID = 4621
Description =

Error - 31/07/2010 09:47:34 | Computer Name = Matt-PC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 13/07/2010 10:21:42 | Computer Name = Matt-PC | Source = WLAN-Tray | ID = 0
Description = 15:21:42, Tue, Jul 13, 10 Error - Unable to gain access to user store


Error - 17/07/2010 07:19:12 | Computer Name = Matt-PC | Source = WLAN-Tray | ID = 0
Description = 12:19:12, Sat, Jul 17, 10 Error - User "" does not have administrative
privileges on this system

Error - 24/07/2010 15:11:43 | Computer Name = Matt-PC | Source = WLAN-Tray | ID = 0
Description = 20:11:43, Sat, Jul 24, 10 Error - Unable to gain access to user store


Error - 29/07/2010 08:54:19 | Computer Name = Matt-PC | Source = WLAN-Tray | ID = 0
Description = 13:54:19, Thu, Jul 29, 10 Error - User "" does not have administrative
privileges on this system

[ System Events ]
Error - 11/03/2009 13:41:46 | Computer Name = Matt-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.4 for the Network Card with network
address 00234D80C778 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 11/03/2009 13:42:03 | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 11/03/2009 17:26:14 | Computer Name = Matt-PC | Source = BROWSER | ID = 8032
Description =

Error - 12/03/2009 13:52:00 | Computer Name = Matt-PC | Source = DCOM | ID = 10005
Description =

Error - 12/03/2009 13:52:00 | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/03/2009 13:52:00 | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/03/2009 13:52:00 | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/03/2009 13:52:00 | Computer Name = Matt-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/03/2009 13:55:38 | Computer Name = Matt-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.4 for the Network Card with network
address 00234D80C778 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 12/03/2009 13:55:38 | Computer Name = Matt-PC | Source = HTTP | ID = 15016
Description =


< End of report >

Edited by speedycar53, 04 August 2010 - 04:05 AM.


#12 m0le

Posted 04 August 2010 - 05:11 PM

QUOTE
I guess you have your preferred tools and process but if at all useful, I have a fully licenced (for 3 m/cs) current version of PCTools Registry Mechanic but haven't used it on this m/c - was planning to do so before this problem cropped up.


We will use the OTL scripter to remove these. Running registry cleaners is not recommended.

Bleeping Computer DOES NOT recommend the use of registry cleaners/optimizers for several reasons:

Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.

Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.

Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.

Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.

The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".

Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.

Let's get back to the regedit.

There are indeed registry entries which need to go. There isn't anything here that is causing some of the problems you mention so that's disappointing but what this should do is speed up your PC's performance and we'll take it from there.

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

CODE
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [Kwocavohiyesupah] C:\Users\Matt\AppData\Local\elogicey.DLL File not found
O4 - HKCU..\Run: [Njidivikik] C:\Users\Matt\AppData\Local\xrmsont.DLL File not found
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B63300D1
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
m0le is a proud member of UNITE

#13 speedycar53

Posted 05 August 2010 - 05:27 AM

Thanks for advice regarding reg cleaners - funnily enough using one on my other XP system interfered with the McAfee settings so I can see your point. Fortunately the licence didn't cost much using trialpay so nothing lost really - I will heed your advice and bin it!

The log file:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Kwocavohiyesupah deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Njidivikik deleted successfully.
ADS C:\ProgramData\TEMP:B63300D1 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.9.1 log created on 08052010_112148

I am now going to go away and check the boot behaviour so that I can give you a more precise description of what happens now.

and the result is....

No more errors for the dlls.
After the windows welcome screen, it displays the desktop complete with icons and taskbar and proceeds to add icons to the system tray. Then part way through this process (after McAfee icon has appeared) the screen goes black, then a bit of taskbar displays, goes all black again and flickers between these states a couple of times before the desktop reappears and the system tray continues to be populated. It all happens rather too fast to catch exactly what is going on and to be honest I cannot remember how it used to behave but somehow this doesn't seem right.


Edited by speedycar53, 05 August 2010 - 05:59 AM.
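Added example (not part of the thread, and not OTL's or BleepingComputer's own code): a short Python check that reads the fix log posted in #13 and confirms that every item from the fix script in #12 has a result line. The function names and the `NO LOG LINE` marker are assumptions made for this sketch; only the three result wordings visible in that log are recognised, and any other line is returned for manual review.

```python
import re

# Fix log body as posted in reply #13 (OTL 3.2.9.1 output).
FIX_LOG = r"""
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Kwocavohiyesupah deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Njidivikik deleted successfully.
ADS C:\ProgramData\TEMP:B63300D1 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
"""

# One identifying token per item in the fix script from reply #12.
EXPECTED = [
    "{5C255C8A-E604-49b4-9D64-90988571CECB}", "Kwocavohiyesupah", "Njidivikik",
    "TEMP:B63300D1", "TEMP:D1B5B4F1", r"exefile\shell\open\command",
]

# Optional object kind, the target, then one of the result wordings seen above.
LINE = re.compile(
    r"^(?:(?:Registry key|Registry value|ADS) )?(?P<target>.+?) (?:/E : )?"
    r"(?P<status>deleted successfully|not found|value set successfully)[.!]$")

def parse_fix_log(text):
    """Return (results, unrecognised) for the body of a fix log."""
    results, unrecognised = [], []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("=====") or line.startswith("OTL by"):
            continue  # blank lines, section headers and the version footer
        m = LINE.match(line)
        if m:
            results.append((m["target"], m["status"]))
        else:
            unrecognised.append(line)  # unknown wording: review by hand
    return results, unrecognised

def review(expected, text):
    """Map each fix-script item to every status the log reports for it."""
    results, unrecognised = parse_fix_log(text)
    report = {}
    for item in expected:
        hits = [s for target, s in results if item.lower() in target.lower()]
        report[item] = hits or ["NO LOG LINE"]
    return report, unrecognised

if __name__ == "__main__":
    for item, statuses in review(EXPECTED, FIX_LOG)[0].items():
        print(f"{item}: {', '.join(statuses)}")
```

The BHO item reports both "deleted successfully" and "not found": the Browser Helper Objects key was removed, and the matching CLSID key was already absent, which agrees with the "No CLSID value found" text in the fix script.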


#14 m0le

Posted 05 August 2010 - 08:30 AM

Well, that's not normal behaviour and as it happens straight after McAfee loads it may well be connected.

I would suggest you test this by disabling McAfee and booting the PC.
m0le is a proud member of UNITE

#15 speedycar53

Posted 05 August 2010 - 12:14 PM

Well... I thought 'maybe' also. However, this appears not to be the case.

I have again uninstalled both McAfee and Google sidebar which were affected in the first place. However the problem just appears that much sooner during the loading sequence. Obviously there are other autoruns from applications on this m/c and I am reluctant to uninstall them all and disabling isn't always possible from the application! As you say, it is disappointing that the registry analysis didn't come up with anything unusual. I have reinstalled McAfee for obvious reasons.

I am now wondering if there is a problem either with the settings in Intel Graphics Media Accelerator Driver for mobile (an icon appears on startup) or possibly with the default screen settings. The behaviour is a bit like what happens when you change screen resolutions but more so and the screen looks no different when it finally comes back to normal. Could be a complete red herring and probably is but the best way to describe the symptoms! The behaviour isn't the same every time.

What do you advise next?

Edited by speedycar53, 05 August 2010 - 02:11 PM.




