my security shield


  • This topic is locked
8 replies to this topic

#1 andrewbarrows

  • Members
  • 5 posts

Posted 01 October 2010 - 04:46 PM

I recently got a virus called My Security Shield. Even after the virus was removed I still can't open AVG or Windows Defender. When I try, I get a message saying the operation has been cancelled due to restrictions on this computer. How do I fix this? I downloaded HijackThis, as was recommended by my teacher in college, and am now posting the log here in hopes of getting this problem fixed.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:07:19 PM, on 9/23/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
C:\Program Files (x86)\LimeWire\LimeWire.exe
C:\windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Windows Live\Toolbar\wltuser.exe
C:\windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=c:\windows\syswow64\userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSN Toolbar] "c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://download.cnet.com
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: LabSim Configuration and Security (OrbisClient.Services) - Unknown owner - C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11447 bytes

Does my HijackThis log seem clean? Does anyone know how to reverse the damage and regain access to AVG, Windows Defender and other anti-virus programs that were blocked by the virus?

EDIT: Posts merged ~BP

Edited by Budapest, 06 October 2010 - 05:07 PM.
Moved from Am I Infected to Malware Removal Logs ~ Hamluis.



 


#2 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 06 October 2010 - 05:18 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, I will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.


Then

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
m0le is a proud member of UNITE

#3 andrewbarrows

  • Topic Starter
  • Members
  • 5 posts

Posted 07 October 2010 - 10:48 PM

This is the attachment from the DDS log. I hope this helps you diagnose the problems I am still experiencing with the My Security Shield virus.

Attached Files



#4 andrewbarrows

  • Topic Starter
  • Members
  • 5 posts

Posted 07 October 2010 - 11:40 PM

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-10-07 22:32:52
Windows 6.1.7600
Running: 69pwn4nq.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x61 0xA5 0x36 0xF5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x61 0xA5 0x36 0xF5 ...

---- EOF - GMER 1.0.15 ----



I hope I did this right and that it will be helpful in fixing my computer.

#5 m0le

    Can U Dig It?

  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 08 October 2010 - 06:22 PM

Please run OTL; this scanner is a more detailed one than DDS.
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

m0le is a proud member of UNITE

#6 andrewbarrows

  • Topic Starter
  • Members
  • 5 posts

Posted 08 October 2010 - 11:07 PM

I hope these help you. They are the OTL.txt log and the Extras.txt log that you asked for.

OTL logfile created on: 10/8/2010 9:52:41 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\andrew\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 390.42 Gb Free Space | 86.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 60.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREW-PC
Current User Name: andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\andrew\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10k_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe (SoftThinks - Dell)
PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc.)
PRC - C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\andrew\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (AVAST Software)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE (Dell Inc.)
SRV:64bit: - (wlidsvc) -- c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_4df47d9dbfb58b44\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (avg9emc) -- C:\Program Files (x86)\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (OrbisClient.Services) -- C:\Program Files (x86)\TestOut\Orbis\OrbisClient.Services.exe ()
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (GoToAssist) -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (cvhsvc) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (nmservice) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Cisco Systems, Inc.)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (NWUSBCDFIL64) -- C:\Windows\SysNative\drivers\NwUsbCdFil64.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWADI) -- C:\Windows\SysNative\drivers\NWADIenum.sys (Novatel Wireless Inc)
DRV:64bit: - (NWUSBPort2) -- C:\Windows\SysNative\drivers\nwusbser2.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBPort) -- C:\Windows\SysNative\drivers\nwusbser.sys (Novatel Wireless Inc.)
DRV:64bit: - (NWUSBModem) -- C:\Windows\SysNative\drivers\nwusbmdm.sys (Novatel Wireless Inc.)
DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (purendis) -- C:\Windows\SysNative\drivers\purendis.sys (Cisco Systems, Inc.)
DRV:64bit: - (pnarp) -- C:\Windows\SysNative\drivers\pnarp.sys (Cisco Systems, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/1
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=SOLTDF&PC=SUN3&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: foxyproxy@eric.h.jung:2.22.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=SOLTDF&PC=SUN3&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/09/20 03:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/10/08 18:11:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files (x86)\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/10/08 18:12:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/16 12:35:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/19 13:34:47 | 000,000,000 | ---D | M]

[2010/09/14 17:56:24 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\mozilla\Extensions
[2010/09/14 17:56:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\andrew\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/09/05 12:30:44 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/10/07 19:13:15 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\mozilla\Firefox\Profiles\2iorj2xn.default\extensions
[2010/09/16 11:17:39 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\mozilla\Firefox\Profiles\2iorj2xn.default\extensions\foxyproxy@eric.h.jung
[2010/09/19 16:22:28 | 000,001,832 | ---- | M] () -- C:\Users\andrew\AppData\Roaming\Mozilla\FireFox\Profiles\2iorj2xn.default\searchplugins\bing.xml
[2010/09/19 16:22:34 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/16 12:35:14 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/09/19 13:34:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/19 13:38:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/09/16 12:35:13 | 000,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browserdirprovider.dll
[2010/09/16 12:35:13 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\brwsrcmp.dll
[2004/07/02 13:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\components\np32asw.dll
[2007/04/10 16:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
[2004/07/02 13:51:00 | 000,327,904 | ---- | M] (Macromedia, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/09/16 12:35:13 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
[2010/08/24 17:19:19 | 000,001,394 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/08/24 17:19:19 | 000,002,193 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\answers.xml
[2010/06/30 05:06:28 | 000,001,375 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/08/24 17:19:19 | 000,001,534 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/08/24 17:19:19 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay.xml
[2010/08/24 17:19:19 | 000,002,371 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\google.xml
[2010/08/24 17:19:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/08/24 17:19:19 | 000,001,096 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/09/17 11:28:38 | 000,000,860 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (MSN Toolbar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSN Toolbar] c:\Program Files (x86)\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe (Microsoft Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - Startup: C:\Users\andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 2 = ekrn.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun: 3 = egui.exe
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - c:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cnet.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\windows\SysWow64\livessp.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/21 09:39:48 | 000,000,074 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{149a1eb3-d1c4-11df-b084-a4badbceba3e}\Shell - "" = AutoRun
O33 - MountPoints2\{149a1eb3-d1c4-11df-b084-a4badbceba3e}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe -- [2010/07/01 10:29:32 | 002,312,080 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{149a1ed4-d1c4-11df-b084-a4badbceba3e}\Shell - "" = AutoRun
O33 - MountPoints2\{149a1ed4-d1c4-11df-b084-a4badbceba3e}\Shell\AutoRun\command - "" = E:\VZAccess_Manager.exe -- [2010/07/01 10:29:32 | 002,312,080 | R--- | M] (Macrovision Corporation)
O33 - MountPoints2\{309f0afb-c75c-11df-88bc-a4badbceba3e}\Shell - "" = AutoRun
O33 - MountPoints2\{309f0afb-c75c-11df-88bc-a4badbceba3e}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a1268c67-c1cb-11df-8636-a4badbceba3e}\Shell - "" = AutoRun
O33 - MountPoints2\{a1268c67-c1cb-11df-8636-a4badbceba3e}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/10/08 21:47:09 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\andrew\Desktop\OTL.exe
[2010/10/08 18:12:44 | 000,013,048 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\avgrssta.dll
[2010/10/08 18:12:43 | 000,317,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgtdia.sys
[2010/10/08 18:12:38 | 000,269,904 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgldx64.sys
[2010/10/08 18:12:36 | 000,035,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgmfx64.sys
[2010/10/08 18:12:36 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\Avg
[2010/10/08 18:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Security Toolbar
[2010/10/08 18:09:46 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010/10/06 23:24:42 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Novatel Wireless
[2010/10/06 23:13:36 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Verizon Wireless
[2010/10/06 23:12:59 | 000,000,000 | ---D | C] -- C:\ProgramData\WEngineLite
[2010/10/06 23:12:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon Wireless
[2010/10/06 23:10:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Verizon Wireless
[2010/10/06 23:10:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Novatel Wireless
[2010/10/06 23:08:20 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\InstallShield
[2010/10/05 15:43:40 | 000,000,000 | ---D | C] -- C:\ProgramData\OptiTex
[2010/10/04 22:20:33 | 000,000,000 | ---D | C] -- C:\Users\andrew\8F1A20DC251D47B091B7DCA2523EE6C9.TMP
[2010/10/01 22:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2010/10/01 22:49:31 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Sony Corporation
[2010/10/01 22:49:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2010/10/01 22:48:29 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Downloaded Installations
[2010/10/01 22:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2010/10/01 18:10:55 | 000,000,000 | ---D | C] -- C:\Users\andrew\Documents\The Town 2010 Encoded XviD CAM
[2010/10/01 16:13:58 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll
[2010/10/01 16:13:58 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll
[2010/10/01 16:13:57 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll
[2010/10/01 16:13:57 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll
[2010/10/01 16:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010/10/01 15:57:14 | 000,834,544 | ---- | C] (Duplex Secure Ltd.) -- C:\windows\SysNative\drivers\sptd.sys
[2010/09/30 19:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010/09/30 18:56:49 | 000,360,580 | ---- | C] (eSellerate Inc.) -- C:\windows\SysWow64\eSellerateEngine.dll
[2010/09/30 18:56:49 | 000,094,208 | ---- | C] (eSellerate Inc.) -- C:\windows\SysWow64\eSellerateControl365.dll
[2010/09/30 18:56:49 | 000,071,680 | ---- | C] (Alpha ZIP) -- C:\windows\SysWow64\english_ztv_Bh.SFX
[2010/09/30 18:56:49 | 000,067,584 | ---- | C] (Alpha ZIP) -- C:\windows\SysWow64\english_ztv_Zip.SFX
[2010/09/30 18:56:49 | 000,067,584 | ---- | C] (Alpha ZIP) -- C:\windows\SysWow64\english_ztv_Jar.SFX
[2010/09/30 18:56:49 | 000,066,560 | ---- | C] (Alpha ZIP) -- C:\windows\SysWow64\english_ztv_lha.SFX
[2010/09/30 18:56:49 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ztvcabinet.dll
[2010/09/30 18:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AlphaZIP
[2010/09/30 12:56:07 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Deployment
[2010/09/30 11:58:07 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\vmm32
[2010/09/29 18:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\KingsIsle Entertainment
[2010/09/28 22:16:19 | 000,000,000 | ---D | C] -- C:\windows\CheckSur
[2010/09/28 14:39:09 | 000,000,000 | ---D | C] -- C:\Users\andrew\Documents\occult knowlege
[2010/09/28 14:02:40 | 000,000,000 | ---D | C] -- C:\Users\andrew\Documents\pentagram-by-angel
[2010/09/27 13:42:53 | 000,000,000 | ---D | C] -- C:\Users\andrew\Desktop\downloads
[2010/09/27 13:41:50 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\tixati
[2010/09/27 13:41:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\tixati
[2010/09/23 20:54:47 | 000,121,936 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2010/09/23 20:54:47 | 000,028,752 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswRdr.sys
[2010/09/23 20:54:47 | 000,020,048 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswFsBlk.sys
[2010/09/23 20:54:45 | 000,051,280 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswTdi.sys
[2010/09/23 20:54:44 | 000,061,008 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2010/09/23 20:53:53 | 000,167,592 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe
[2010/09/23 20:53:53 | 000,038,848 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr
[2010/09/23 20:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/09/23 20:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/09/23 20:32:09 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Malwarebytes
[2010/09/23 20:31:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysWow64\drivers\mbamswissarmy.sys
[2010/09/23 20:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/23 20:31:32 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2010/09/23 20:31:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/09/23 19:23:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/23 18:00:30 | 002,133,536 | ---- | C] (AVG Technologies) -- C:\Users\andrew\Desktop\avg_free_stb_all_9_115_cnet.exe
[2010/09/23 14:08:21 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/09/23 12:05:01 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\drivers\avg
[2010/09/22 15:39:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/09/21 22:17:33 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\LimeWire
[2010/09/21 16:41:10 | 000,000,000 | ---D | C] -- C:\Users\andrew\Documents\ComboFix
[2010/09/20 23:16:27 | 000,454,656 | ---- | C] (Simon Tatham) -- C:\Users\andrew\Desktop\putty.exe
[2010/09/20 18:50:41 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\SUPERAntiSpyware.com
[2010/09/20 18:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/09/20 18:50:37 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/09/20 18:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/09/20 18:27:54 | 001,184,984 | R--- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wvc1dmod.dll
[2010/09/20 16:11:27 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Yahoo!
[2010/09/20 16:11:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2010/09/20 16:11:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/09/20 14:37:57 | 000,000,000 | ---D | C] -- C:\windows\pss
[2010/09/20 12:48:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\MSMWRAS
[2010/09/19 21:26:36 | 000,000,000 | ---D | C] -- C:\.jagex_cache_32
[2010/09/19 16:21:27 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfc70.dll
[2010/09/19 16:21:27 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp70.dll
[2010/09/19 16:21:27 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcr70.dll
[2010/09/19 16:16:16 | 000,000,000 | ---D | C] -- C:\Users\andrew\Documents\My Downloads
[2010/09/19 16:05:49 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\AVS4YOU
[2010/09/19 16:05:03 | 010,915,840 | ---- | C] (Intel Corporation) -- C:\windows\SysWow64\libmfxhw32.dll
[2010/09/19 16:05:03 | 010,833,920 | ---- | C] (Intel Corporation) -- C:\windows\SysWow64\libmfxsw32.dll
[2010/09/19 16:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2010/09/19 16:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2010/09/19 16:00:39 | 060,923,976 | ---- | C] (Online Media Technologies Ltd. ) -- C:\Users\andrew\Documents\AVSVideoConverter.exe
[2010/09/19 15:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2010/09/19 15:54:42 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\GdiPlus.dll
[2010/09/19 15:54:42 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3a.dll
[2010/09/19 13:46:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar
[2010/09/19 13:38:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/09/19 13:38:12 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2010/09/19 13:38:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2010/09/19 13:38:12 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2010/09/19 13:36:25 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\andrew\Documents\jre-6u21-windows-i586-iftw-rv.exe
[2010/09/19 13:35:42 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2010/09/19 13:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSN Toolbar Installer
[2010/09/19 13:34:47 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2010/09/17 21:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIW
[2010/09/17 21:02:37 | 002,750,083 | ---- | C] (Topala Software Solutions ) -- C:\Users\andrew\Documents\siw-setup.exe
[2010/09/17 11:38:13 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010/09/16 14:18:33 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\U3
[2010/09/16 11:59:05 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Adobe
[2010/09/15 19:35:45 | 000,000,000 | ---D | C] -- C:\fc8297ca4a9a2c532a6b9e723a
[2010/09/15 19:35:13 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iertutil.dll
[2010/09/14 17:56:23 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Mozilla
[2010/09/14 17:56:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010/09/14 17:54:32 | 008,539,024 | ---- | C] (Mozilla) -- C:\Users\andrew\Documents\Firefox Setup 3.6.9.exe
[2010/09/14 15:00:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010/09/14 15:00:19 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Google
[2010/09/14 15:00:10 | 000,567,808 | ---- | C] (Google Inc.) -- C:\Users\andrew\Documents\googleupdatesetup.exe
[2010/09/13 18:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2010/09/13 17:33:26 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\FileZilla
[2010/09/13 17:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2010/09/13 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\andrew\Documents\CISCO_CCNA
[2010/09/12 15:01:23 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1
[2010/09/12 15:01:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/09/10 22:36:50 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\iWin
[2010/09/10 12:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2010/09/10 12:03:16 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Roaming\Macrovision
[2010/09/10 11:05:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TestOut
[2010/09/10 11:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TestOut
[2010/09/10 11:03:37 | 014,365,576 | ---- | C] (TestOut Corporation) -- C:\Users\andrew\Documents\LabSimOnlineSetup.exe
[2010/09/09 23:23:35 | 000,000,000 | ---D | C] -- C:\Users\andrew\AppData\Local\Apps
[2010/09/09 22:10:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pure Networks
[2010/09/09 22:09:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Linksys
[2010/09/09 22:09:08 | 000,031,536 | ---- | C] (Cisco Systems, Inc.) -- C:\windows\SysNative\drivers\pnarp.sys
[2010/09/09 22:09:07 | 000,033,072 | ---- | C] (Cisco Systems, Inc.) -- C:\windows\SysNative\drivers\purendis.sys
[2010/09/09 22:09:07 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2010/09/09 22:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Pure Networks Shared
[2010/09/09 22:08:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2010/09/09 22:07:51 | 000,900,608 | ---- | C] (Ralink Technology Corp.) -- C:\windows\SysNative\drivers\netr28ux.sys
[1 C:\Users\andrew\*.tmp files -> C:\Users\andrew\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/08 21:57:45 | 002,097,152 | -HS- | M] () -- C:\Users\andrew\ntuser.dat
[2010/10/08 21:47:09 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\andrew\Desktop\OTL.exe
[2010/10/08 21:31:32 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/08 21:31:32 | 000,019,536 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/08 21:26:39 | 000,727,182 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2010/10/08 21:26:39 | 000,624,622 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2010/10/08 21:26:39 | 000,106,708 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2010/10/08 21:24:21 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/10/08 21:24:03 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl
[2010/10/08 21:23:55 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/10/08 21:23:34 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/10/08 21:23:29 | 3190,050,816 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/08 18:36:34 | 006,327,488 | -H-- | M] () -- C:\Users\andrew\AppData\Local\IconCache.db
[2010/10/08 18:12:45 | 000,013,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\avgrssta.dll
[2010/10/08 18:12:45 | 000,001,860 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/10/08 18:12:44 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgtdia.sys
[2010/10/08 18:12:38 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgldx64.sys
[2010/10/08 18:12:37 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\windows\SysNative\drivers\avgmfx64.sys
[2010/10/08 18:12:36 | 065,788,991 | ---- | M] () -- C:\windows\SysNative\drivers\Avg\incavi.avm
[2010/10/08 18:12:36 | 000,113,461 | ---- | M] () -- C:\windows\SysNative\drivers\Avg\iavichjw.avm
[2010/10/08 18:05:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/10/08 17:00:00 | 000,000,378 | ---- | M] () -- C:\windows\tasks\At3.job
[2010/10/08 17:00:00 | 000,000,378 | ---- | M] () -- C:\windows\tasks\At2.job
[2010/10/08 17:00:00 | 000,000,378 | ---- | M] () -- C:\windows\tasks\At1.job
[2010/10/08 15:42:25 | 000,002,559 | ---- | M] () -- C:\Users\Public\Desktop\LabSim.lnk
[2010/10/07 21:51:22 | 000,293,376 | ---- | M] () -- C:\Users\andrew\Desktop\69pwn4nq.exe
[2010/10/07 20:49:40 | 000,000,020 | ---- | M] () -- C:\Users\andrew\defogger_reenable
[2010/10/07 20:47:30 | 000,050,477 | ---- | M] () -- C:\Users\andrew\Desktop\Defogger.exe
[2010/10/07 20:44:32 | 000,001,968 | ---- | M] () -- C:\Users\andrew\Desktop\Attach.zip
[2010/10/06 23:13:00 | 000,001,290 | ---- | M] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2010/10/06 18:49:15 | 000,001,255 | ---- | M] () -- C:\Users\andrew\Desktop\AVS Audio Converter6.lnk
[2010/10/05 19:09:41 | 000,007,597 | ---- | M] () -- C:\Users\andrew\AppData\Local\Resmon.ResmonCfg
[2010/10/04 16:57:07 | 000,012,800 | ---- | M] () -- C:\Users\andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/04 16:05:58 | 000,001,869 | ---- | M] () -- C:\Users\andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/04 16:05:41 | 000,001,923 | ---- | M] () -- C:\Users\andrew\Desktop\LimeWire 5.5.16.lnk
[2010/10/01 22:49:09 | 000,001,037 | ---- | M] () -- C:\Users\Public\Desktop\Content Transfer.lnk
[2010/10/01 22:48:42 | 000,002,128 | ---- | M] () -- C:\Users\Public\Desktop\NWZ-S540 WALKMAN Guide.lnk
[2010/10/01 22:28:50 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/01 15:57:14 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) -- C:\windows\SysNative\drivers\sptd.sys
[2010/09/30 19:42:01 | 000,524,288 | -HS- | M] () -- C:\Users\andrew\ntuser.dat{bdde1ec7-ccbd-11df-9b68-a4badbceba3e}.TMContainer00000000000000000002.regtrans-ms
[2010/09/30 19:42:01 | 000,524,288 | -HS- | M] () -- C:\Users\andrew\ntuser.dat{bdde1ec7-ccbd-11df-9b68-a4badbceba3e}.TMContainer00000000000000000001.regtrans-ms
[2010/09/30 19:42:01 | 000,065,536 | -HS- | M] () -- C:\Users\andrew\ntuser.dat{bdde1ec7-ccbd-11df-9b68-a4badbceba3e}.TM.blf
[2010/09/30 19:21:37 | 000,000,967 | ---- | M] () -- C:\Users\andrew\Desktop\AlphaZIP.lnk
[2010/09/28 15:49:01 | 000,000,985 | ---- | M] () -- C:\Users\andrew\Desktop\Tixati.lnk
[2010/09/28 15:43:38 | 000,524,288 | -HS- | M] () -- C:\Users\andrew\ntuser.dat{9952a03f-cb27-11df-8834-a4badbceba3e}.TMContainer00000000000000000002.regtrans-ms
[2010/09/28 15:43:38 | 000,524,288 | -HS- | M] () -- C:\Users\andrew\ntuser.dat{9952a03f-cb27-11df-8834-a4badbceba3e}.TMContainer00000000000000000001.regtrans-ms
[2010/09/28 15:43:38 | 000,065,536 | -HS- | M] () -- C:\Users\andrew\ntuser.dat{9952a03f-cb27-11df-8834-a4badbceba3e}.TM.blf
[2010/09/28 15:23:18 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/28 15:23:15 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt
[2010/09/23 20:31:36 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/23 19:23:19 | 000,002,981 | ---- | M] () -- C:\Users\andrew\Desktop\HiJackThis.lnk
[2010/09/23 19:11:26 | 000,000,000 | -H-- | M] () -- C:\Users\andrew\Documents\Default.rdp
[2010/09/22 23:06:38 | 000,002,346 | ---- | M] () -- C:\Users\andrew\Desktop\Google Chrome.lnk
[2010/09/20 23:16:35 | 000,454,656 | ---- | M] (Simon Tatham) -- C:\Users\andrew\Desktop\putty.exe
[2010/09/20 18:50:36 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/20 18:27:54 | 001,184,984 | R--- | M] (Microsoft Corporation) -- C:\windows\SysWow64\wvc1dmod.dll
[2010/09/20 16:11:23 | 000,001,013 | ---- | M] () -- C:\Users\andrew\Desktop\CCleaner.lnk
[2010/09/20 14:41:12 | 000,000,728 | ---- | M] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2010/09/20 13:26:16 | 000,000,860 | ---- | M] () -- C:\windows\SysNative\drivers\etc\host_new
[2010/09/20 07:49:11 | 000,059,488 | ---- | M] () -- C:\Users\andrew\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/09/20 07:48:37 | 000,272,488 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2010/09/19 16:21:40 | 000,001,207 | ---- | M] () -- C:\Users\andrew\Desktop\AVS Media Player.lnk
[2010/09/19 16:05:37 | 000,001,299 | ---- | M] () -- C:\Users\andrew\Desktop\AVS4YOU Software Navigator.lnk
[2010/09/19 16:05:10 | 000,001,243 | ---- | M] () -- C:\Users\andrew\Desktop\AVS Video Converter.lnk
[2010/09/19 16:00:47 | 060,923,976 | ---- | M] (Online Media Technologies Ltd. ) -- C:\Users\andrew\Documents\AVSVideoConverter.exe
[2010/09/19 13:36:32 | 000,875,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\andrew\Documents\jre-6u21-windows-i586-iftw-rv.exe
[2010/09/17 21:03:52 | 000,000,941 | ---- | M] () -- C:\Users\andrew\Desktop\SIW.lnk
[2010/09/17 21:02:51 | 002,750,083 | ---- | M] (Topala Software Solutions ) -- C:\Users\andrew\Documents\siw-setup.exe
[2010/09/17 11:28:38 | 000,000,860 | RHS- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2010/09/17 09:26:01 | 000,076,783 | ---- | M] () -- C:\Users\andrew\100917-102601.jpg
[2010/09/14 17:56:19 | 000,001,969 | ---- | M] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/14 17:56:19 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/14 17:55:50 | 008,539,024 | ---- | M] (Mozilla) -- C:\Users\andrew\Documents\Firefox Setup 3.6.9.exe
[2010/09/14 16:21:42 | 414,863,836 | ---- | M] () -- C:\Users\andrew\100914-160815.wmv
[2010/09/14 15:02:26 | 000,002,245 | ---- | M] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/14 15:02:08 | 000,002,290 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/14 15:00:19 | 000,567,808 | ---- | M] (Google Inc.) -- C:\Users\andrew\Documents\googleupdatesetup.exe
[2010/09/13 17:33:22 | 000,002,006 | ---- | M] () -- C:\Users\andrew\Desktop\FileZilla Client.lnk
[2010/09/13 17:32:16 | 004,198,724 | ---- | M] () -- C:\Users\andrew\Documents\FileZilla_3.3.4.1_win32-setup.exe
[2010/09/13 15:17:40 | 000,001,963 | ---- | M] () -- C:\Users\andrew\Desktop\CISCO_CCNA - Shortcut.lnk
[2010/09/10 11:03:51 | 014,365,576 | ---- | M] (TestOut Corporation) -- C:\Users\andrew\Documents\LabSimOnlineSetup.exe
[2010/09/09 22:10:41 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2010/09/09 12:19:09 | 000,000,110 | ---- | M] () -- C:\Users\andrew\webct_upload_applet.properties
[1 C:\Users\andrew\*.tmp files -> C:\Users\andrew\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/08 18:12:45 | 000,001,860 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010/10/08 18:12:36 | 065,788,991 | ---- | C] () -- C:\windows\SysNative\drivers\Avg\incavi.avm
[2010/10/08 18:12:36 | 000,113,461 | ---- | C] () -- C:\windows\SysNative\drivers\Avg\iavichjw.avm
[2010/10/08 14:24:13 | 000,065,536 | ---- | C] () -- C:\windows\SysNative\Ikeext.etl
[2010/10/07 21:51:20 | 000,293,376 | ---- | C] () -- C:\Users\andrew\Desktop\69pwn4nq.exe
[2010/10/07 20:49:40 | 000,000,020 | ---- | C] () -- C:\Users\andrew\defogger_reenable
[2010/10/07 20:47:30 | 000,050,477 | ---- | C] () -- C:\Users\andrew\Desktop\Defogger.exe
[2010/10/07 20:44:32 | 000,001,968 | ---- | C] () -- C:\Users\andrew\Desktop\Attach.zip
[2010/10/06 23:13:00 | 000,001,290 | ---- | C] () -- C:\Users\Public\Desktop\VZAccess Manager.lnk
[2010/10/06 18:49:15 | 000,001,255 | ---- | C] () -- C:\Users\andrew\Desktop\AVS Audio Converter6.lnk
[2010/10/04 16:05:58 | 000,001,869 | ---- | C] () -- C:\Users\andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
[2010/10/04 16:05:41 | 000,001,923 | ---- | C] () -- C:\Users\andrew\Desktop\LimeWire 5.5.16.lnk
[2010/10/01 22:49:09 | 000,001,037 | ---- | C] () -- C:\Users\Public\Desktop\Content Transfer.lnk
[2010/10/01 22:48:42 | 000,002,128 | ---- | C] () -- C:\Users\Public\Desktop\NWZ-S540 WALKMAN Guide.lnk
[2010/10/01 22:28:50 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/10/01 16:44:20 | 000,000,378 | ---- | C] () -- C:\windows\tasks\At3.job
[2010/09/30 19:21:37 | 000,000,967 | ---- | C] () -- C:\Users\andrew\Desktop\AlphaZIP.lnk
[2010/09/30 19:09:52 | 000,000,378 | ---- | C] () -- C:\windows\tasks\At2.job
[2010/09/30 19:04:04 | 000,000,378 | ---- | C] () -- C:\windows\tasks\At1.job
[2010/09/30 18:56:49 | 000,156,160 | ---- | C] () -- C:\windows\SysWow64\ztvunrar3.dll
[2010/09/30 18:56:49 | 000,132,096 | ---- | C] () -- C:\windows\SysWow64\7z.sfx
[2010/09/30 18:56:49 | 000,075,264 | ---- | C] () -- C:\windows\SysWow64\ztvunacev2.dll
[2010/09/30 12:33:43 | 000,524,288 | -HS- | C] () -- C:\Users\andrew\ntuser.dat{bdde1ec7-ccbd-11df-9b68-a4badbceba3e}.TMContainer00000000000000000002.regtrans-ms
[2010/09/30 12:33:43 | 000,524,288 | -HS- | C] () -- C:\Users\andrew\ntuser.dat{bdde1ec7-ccbd-11df-9b68-a4badbceba3e}.TMContainer00000000000000000001.regtrans-ms
[2010/09/30 12:33:43 | 000,065,536 | -HS- | C] () -- C:\Users\andrew\ntuser.dat{bdde1ec7-ccbd-11df-9b68-a4badbceba3e}.TM.blf
[2010/09/28 15:49:01 | 000,000,985 | ---- | C] () -- C:\Users\andrew\Desktop\Tixati.lnk
[2010/09/28 15:18:46 | 000,524,288 | -HS- | C] () -- C:\Users\andrew\ntuser.dat{9952a03f-cb27-11df-8834-a4badbceba3e}.TMContainer00000000000000000002.regtrans-ms
[2010/09/28 15:18:46 | 000,524,288 | -HS- | C] () -- C:\Users\andrew\ntuser.dat{9952a03f-cb27-11df-8834-a4badbceba3e}.TMContainer00000000000000000001.regtrans-ms
[2010/09/28 15:18:46 | 000,065,536 | -HS- | C] () -- C:\Users\andrew\ntuser.dat{9952a03f-cb27-11df-8834-a4badbceba3e}.TM.blf
[2010/09/23 20:54:47 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/09/23 20:54:44 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt
[2010/09/23 20:31:36 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/23 19:23:19 | 000,002,981 | ---- | C] () -- C:\Users\andrew\Desktop\HiJackThis.lnk
[2010/09/23 19:11:26 | 000,000,000 | -H-- | C] () -- C:\Users\andrew\Documents\Default.rdp
[2010/09/22 19:05:49 | 000,230,752 | ---- | C] () -- C:\windows\patchw32.dll
[2010/09/22 19:05:49 | 000,118,176 | ---- | C] () -- C:\windows\patchw.dll
[2010/09/20 18:50:36 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/09/20 16:11:23 | 000,001,013 | ---- | C] () -- C:\Users\andrew\Desktop\CCleaner.lnk
[2010/09/20 14:28:25 | 000,000,728 | ---- | C] () -- C:\windows\SysNative\drivers\kgpcpy.cfg
[2010/09/19 16:21:40 | 000,001,207 | ---- | C] () -- C:\Users\andrew\Desktop\AVS Media Player.lnk
[2010/09/19 16:21:27 | 000,156,910 | ---- | C] () -- C:\windows\WMSysPr8.prx
[2010/09/19 16:05:37 | 000,001,299 | ---- | C] () -- C:\Users\andrew\Desktop\AVS4YOU Software Navigator.lnk
[2010/09/19 16:05:10 | 000,001,243 | ---- | C] () -- C:\Users\andrew\Desktop\AVS Video Converter.lnk
[2010/09/17 21:03:52 | 000,000,941 | ---- | C] () -- C:\Users\andrew\Desktop\SIW.lnk
[2010/09/17 09:26:19 | 000,076,783 | ---- | C] () -- C:\Users\andrew\100917-102601.jpg
[2010/09/14 17:56:19 | 000,001,969 | ---- | C] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/09/14 17:56:19 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/09/14 16:37:16 | 414,863,836 | ---- | C] () -- C:\Users\andrew\100914-160815.wmv
[2010/09/14 15:02:26 | 000,002,346 | ---- | C] () -- C:\Users\andrew\Desktop\Google Chrome.lnk
[2010/09/14 15:02:26 | 000,002,245 | ---- | C] () -- C:\Users\andrew\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/09/14 15:02:08 | 000,002,290 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/09/14 15:00:26 | 000,000,898 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/14 15:00:26 | 000,000,894 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/13 17:33:22 | 000,002,006 | ---- | C] () -- C:\Users\andrew\Desktop\FileZilla Client.lnk
[2010/09/13 17:31:59 | 004,198,724 | ---- | C] () -- C:\Users\andrew\Documents\FileZilla_3.3.4.1_win32-setup.exe
[2010/09/13 15:17:40 | 000,001,963 | ---- | C] () -- C:\Users\andrew\Desktop\CISCO_CCNA - Shortcut.lnk
[2010/09/10 11:05:09 | 000,002,559 | ---- | C] () -- C:\Users\Public\Desktop\LabSim.lnk
[2010/09/09 22:10:41 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2010/09/09 12:19:09 | 000,000,110 | ---- | C] () -- C:\Users\andrew\webct_upload_applet.properties
[2010/09/08 15:53:39 | 000,012,800 | ---- | C] () -- C:\Users\andrew\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/07 22:17:10 | 000,007,597 | ---- | C] () -- C:\Users\andrew\AppData\Local\Resmon.ResmonCfg
[2010/09/03 12:57:38 | 000,731,106 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/06/25 11:03:12 | 000,053,299 | ---- | C] () -- C:\windows\SysWow64\pthreadVC.dll
[2010/06/18 15:03:34 | 000,000,193 | ---- | C] () -- C:\windows\Prelaunch.ini
[2010/06/18 15:03:34 | 000,000,147 | ---- | C] () -- C:\windows\WisPriority.ini
[2010/06/18 15:03:34 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
[2010/06/18 15:03:34 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
[2010/06/18 15:03:34 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
[2010/06/18 15:03:34 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
[2010/06/18 15:03:34 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/09/12 15:01:23 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1
[2010/09/27 22:49:34 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\FileZilla
[2010/09/10 22:36:50 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\iWin
[2010/10/08 21:28:12 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\LimeWire
[2010/10/08 08:14:00 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\SoftGrid Client
[2010/10/06 11:21:11 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\tixati
[2010/09/03 12:58:47 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\TP
[2010/09/02 22:28:05 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\WildTangent
[2010/09/03 15:27:46 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Windows Live Writer
[2010/09/03 11:12:54 | 000,000,000 | ---D | M] -- C:\Users\andrew\AppData\Roaming\Wireshark
[2010/10/08 17:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010/10/08 17:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2010/10/08 17:00:00 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2010/09/28 15:22:56 | 000,032,638 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


OTL Extras logfile created on: 10/8/2010 9:52:41 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\andrew\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 390.42 Gb Free Space | 86.56% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 60.11 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ANDREW-PC
Current User Name: andrew
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91415F19-4C22-3609-A105-92ED3522D83C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"DW WLAN Card Utility" = DW WLAN Card Utility
"HDMI" = Intel® Graphics Media Accelerator Driver
"Linksys Wireless Manager" = Linksys Wireless Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}" = Netflix in Windows Media Center
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0EDBEB2B-7C8D-42E6-8312-0F84394A3223}" = Windows Media Center Add-in for Silverlight
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 21
"{2DA5F129-11AC-4F11-8188-B2F07EAAC20A}" = Cozi
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3A8FE746-19BA-4168-8D01-D45897C7310E}" = VZAccess Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52592821-F0CA-4131-8958-BCAE6E50B523}" = Pure Networks Platform
"{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}" = NWZ-S540 WALKMAN Guide
"{5A8FAEA3-42C9-4074-B339-3FBBACAB73EC}" = LabSim
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{66468F4D-BC4E-470C-9093-B3B6A1BB378C}" = MSN Toolbar Platform
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9576C428-7258-4B59-961C-439925E6AF8F}" = Cisco Network Magic
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2010.07.14
"{AC2BA148-EE9C-4F1A-AFCE-F38C2C71D29B}" = Mobile Broadband Generic Drivers
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F362902D-BC94-4187-8960-3B51F55B2EB0}" = Verizon Wireless USB760 Firmware Updates
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"AlphaZIP" = AlphaZIP
"avast5" = avast! Free Antivirus
"AVG9Uninstall" = AVG Free 9.0
"AVS Audio Converter 6.2_is1" = AVS Audio Converter version 6.2
"AVS Media Player_is1" = AVS Media Player 4.1.2.65
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 7
"CCleaner" = CCleaner
"Cisco Packet Tracer 5.3.1_is1" = Cisco Packet Tracer 5.3.1
"Dell Dock" = Dell Dock
"Dell Webcam Central" = Dell Webcam Central
"Google Chrome" = Google Chrome
"GoToAssist" = GoToAssist 8.0.0.514
"LimeWire" = LimeWire 5.5.16
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mobile Broadband Generic Drivers" = Mobile Broadband Generic Drivers
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Network MagicUninstall" = Network Magic
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"tixati" = Tixati
"WildTangent dell Master Uninstall" = WildTangent Games
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.2.11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"FileZilla Client" = FileZilla Client 3.3.4.1

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK
  • Local time:01:43 PM

Posted 09 October 2010 - 06:18 AM

Let's check your permissions

We need to scan the system with this special tool:
  • Please download and save: Junction.zip
  • Unzip it and place Junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the Run box and click OK:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

A command window opens and starts scanning the system. Wait until a log file opens. Copy and paste the log in your next reply.
m0le is a proud member of UNITE

#8 m0le


Posted 11 October 2010 - 06:32 PM

Hi,

I have not had a reply from you for 3 days. Can you please tell me if you still need help with your computer as I am unable to help other members with their problems while I have your topic still open. The time taken between posts can also change the situation with your PC making it more difficult to help you.

If you like you can PM me.

Thanks,


m0le

#9 m0le


Posted 12 October 2010 - 06:55 PM

This topic has been closed.

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.



