
Google results redirected 3 of 5 times / Unable to run antivirus software


  • This topic is locked
20 replies to this topic

#1 Bootrick


Posted 08 November 2010 - 10:53 PM

I am running Mozilla Firefox in Vista. The problem began with Google search results being redirected to advertising, malware, and phishing web sites. I tried to open Ad-Aware; it starts up then crashes saying "failed to connect to server." Then I tried running Malwarebytes and Spybot S&D; both of these would not even open up. Finally, Spyware Terminator and SUPERAntiSpyware were both able to open and scan, but they did not fix the original problem; they found some things, but upon attempting to remove them the programs crashed. I then renamed Mbam.exe to something random and the program ran, found a trojan or two, and removed them. But still I get jump redirected and am unable to run Mbam.exe with its original file name, or Spybot. Then I tried to open RootRepeal but it crashed saying "FOPS - DeviceIoControl Error! Error Code = 0xc0000024 Extended Info (0x00000138)". By then it had been a few hours of trying to fix the problem and I went a little crazy and thought "Maybe it's just a Firefox addon", so I uninstalled Firefox and deleted all personal information, addons, etc. That didn't work and I got a little crazier and thought "Maybe I can just bypass the problem by using system restore to turn back time a week." That was a horrible idea. I do not remember all the error messages, but eventually I got Windows back to before I told it to try to turn back time (from now on my time machine only goes forward in time). I now think I need help, so that's where I am now. I read the preparation guide and the DDS log is below. But GMER.exe crashes every time I try to scan. Thanks in advance for any help I receive =)


DDS (Ver_10-11-09.01) - NTFSx86
Run by Boone at 20:55:23.10 on Mon 11/08/2010
Internet Explorer: 7.0.6000.17037 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3069.1975 [GMT -6:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Spyware Terminator *disabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\CToolbar.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\lpremove.exe
C:\Windows\system32\lpksetup.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Boone\Desktop\stuff\Cleaning Supplies\dds.scr
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080326
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080326
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080326
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
TB: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpywareTerminatorUpdate] "c:\program files\spyware terminator\SpywareTerminatorUpdate.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Crawler Search - tbr:iemenu
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\boone\appdata\roaming\mozilla\firefox\profiles\8lkru1ts.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\crawler\firefox\components\xcomm.dll
FF - component: c:\program files\crawler\firefox\components\xshared.dll
FF - component: c:\program files\crawler\firefox\components\xsupport.dll
FF - component: c:\program files\crawler\firefox\components\xwsg.dll
FF - plugin: c:\program files\haihaisoft universal player\codec\plugins\nppl3260.dll
FF - plugin: c:\program files\haihaisoft universal player\codec\plugins\npqtplugin.dll
FF - plugin: c:\program files\haihaisoft universal player\codec\plugins\nprpjplug.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbyond.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\boone\desktop\stuff\freeware\vlc\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-11 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-11-8 142592]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2008-9-13 93544]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/01/22 20:22:03];c:\program files\cyberlink\powerdvd dx\000.fcl [2009-1-22 87536]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-11-8 1153368]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-4-6 5430272]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-4-6 157184]
R3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\drivers\OEM05Afx.sys [2008-3-26 141376]
R3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\drivers\OEM05Vfx.sys [2008-3-26 7424]
R3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\drivers\OEM05Vid.sys [2008-3-26 235616]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2008-3-26 31616]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 12872]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-4-6 172032]
S4 CLPSLS;COMODO livePCsupport Service;"c:\program files\comodo\comodo livepcsupport\clpsls.exe" --> c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [?]
S4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-8 25832]
S4 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
S4 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\dldoserv.exe [2007-10-5 99568]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1029456]

=============== Created Last 30 ================

2010-11-09 01:46:04 -------- d-----w- c:\users\boone\appdata\local\Mozilla
2010-11-09 01:46:00 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2010-11-08 22:35:49 388096 ----a-r- c:\users\boone\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-08 22:27:03 -------- d-----w- c:\users\boone\appdata\local\Temp
2010-11-08 13:31:42 -------- d-----w- c:\program files\Crawler
2010-11-08 13:28:22 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-11-08 13:28:22 -------- d-----w- c:\users\boone\appdata\roaming\Spyware Terminator
2010-11-08 13:28:21 -------- d-----w- c:\program files\Spyware Terminator
2010-11-08 13:28:21 -------- d-----w- c:\progra~2\Spyware Terminator
2010-11-08 09:17:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-08 09:17:39 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-11-08 08:25:46 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-08 08:25:46 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-11-08 08:11:47 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{68d2d845-2945-4d56-b851-e485df1a74ac}\mpengine.dll
2010-11-08 02:19:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-08 02:19:03 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-08 02:19:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 19:11:46 -------- d-----w- c:\users\boone\appdata\local\{DF635C0B-EECC-4AE0-B15C-0F12694A5CF8}
2010-10-19 15:08:30 0 ----a-w- c:\users\boone\appdata\local\Bjuwewahatewis.bin

==================== Find3M ====================

2010-10-19 17:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6000 Disk: ST350063 rev.3.AD -> Harddisk0\DR0 -> \Device\Ide\iaStor0

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85AB5EC5]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0x85c25872; SUB DWORD [EBP-0x4], 0x85c2512e; PUSH EDI; CALL 0xffffffffffffdf33; }
1 ntkrnlpa!IofCallDriver[0x82027F3B] -> \Device\Harddisk0\DR0[0x86337AD8]
3 nt[0x820B07E2] -> ntkrnlpa!IofCallDriver[0x82027F3B] -> [0x84792670]
[0x86927E90] -> IRP_MJ_CREATE -> 0x85AB5EC5
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
\Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST3500630AS_____________________________3.ADG___#4&276286f9&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x85AB5AEA
user & kernel MBR OK
sectors 976773166 (+233): user != kernel
Warning: possible TDL3 rootkit infection !

============= FINISH: 20:56:46.93 ===============



#2 myrti


Posted 15 November 2010 - 10:07 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    hlp.dat
    winlogon.exe
    wininit.exe
    explorer.exe
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 Bootrick


Posted 16 November 2010 - 01:07 AM

Thanks for the response, Myrti. For details on what I have done since posting the original log: I have run Spyware Terminator, SUPERAntiSpyware, and Malwarebytes. These continue to remove tracking cookies etcetera, but not the root of the problem. I am still unable to run Spybot S&D, Ad-Aware, or RootRepeal, even when changing the exe's filename, which worked for Malwarebytes. The problem of Google search redirects still occurs, and I also get a "PartyPoker.net" full screen windowed popup at seemingly random times when I click any link. I mean any; it came up when I used the mirror to download OTL. I run Firefox pretty exclusively, but I tried some searches in IE as well and they are also getting redirected. Although I did not put up with that browser long enough to see a PartyPoker popup.

OTL.Txt:

OTL logfile created on: 11/15/2010 11:57:48 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Boone\Desktop\stuff\Cleaning Supplies
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 78.98 Gb Free Space | 17.52% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.78 Gb Free Space | 31.87% Space Free | Partition Type: NTFS
Drive E: | 906.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOONE-PC | User Name: Boone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/15 23:50:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Boone\Desktop\stuff\Cleaning Supplies\OTL.exe
PRC - [2010/11/08 07:28:22 | 000,496,128 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010/10/27 00:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/14 04:03:52 | 002,515,304 | ---- | M] (Crawler.com) -- C:\Program Files\Crawler\CToolbar.exe
PRC - [2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/14 13:59:50 | 001,946,624 | ---- | M] () -- C:\Program Files\Adolix\Adolix Wallpaper Changer\AWC.exe
PRC - [2007/08/23 13:58:58 | 002,070,000 | ---- | M] () -- C:\Program Files\XPSMiniViewGadget\XPSMiniViewGadget.exe
PRC - [2006/11/02 03:44:50 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe


========== Modules (SafeList) ==========

MOD - [2010/11/15 23:50:41 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Boone\Desktop\stuff\Cleaning Supplies\OTL.exe
MOD - [2006/11/02 06:34:30 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dinput.dll
MOD - [2006/11/02 03:46:10 | 001,376,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msvbvm60.dll
MOD - [2006/11/02 03:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe -- (CLPSLS)
SRV - [2010/11/08 07:28:22 | 000,496,128 | ---- | M] (Crawler.com) [Disabled | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010/04/06 20:12:04 | 000,172,032 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/03/15 11:50:36 | 001,142,224 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 11:09:22 | 000,366,840 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/03/01 19:01:20 | 001,029,456 | ---- | M] (Lavasoft) [Disabled | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [Disabled | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/08/13 23:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Disabled | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/03/26 14:12:18 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/03/26 06:54:22 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/03/09 10:20:26 | 000,071,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2007/10/05 07:30:46 | 000,099,568 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldoserv.exe -- (dldoCATSCustConnectService)
SRV - [2007/10/05 07:30:34 | 000,595,184 | ---- | M] ( ) [Disabled | Stopped] -- C:\Windows\System32\dldocoms.exe -- (dldo_device)
SRV - [2007/10/03 13:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/09/12 02:40:44 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Disabled | Stopped] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/09/10 22:45:04 | 000,124,832 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor6.0)
SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/11/08 07:28:22 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010/05/28 16:57:40 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/05/22 21:40:06 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/05/22 21:40:06 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2010/04/06 20:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2010/04/06 20:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2010/04/06 20:43:20 | 005,430,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/04/06 19:23:10 | 000,157,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/03/29 10:06:14 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/03/23 21:19:14 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/10/14 18:08:32 | 000,032,000 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009/04/23 18:02:25 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2008/10/27 21:34:26 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/01/22 20:22:03] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD DX\000.fcl -- ({1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7})
DRV - [2008/08/20 12:09:04 | 000,093,544 | ---- | M] (Rocket Division Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\StarPortLite.sys -- (StarPortLite) StarPort Storage Controller (Lite)
DRV - [2008/03/26 14:18:39 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/03/26 14:18:39 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/03/26 14:18:39 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/11 02:43:48 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/09/12 02:44:34 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/09/12 02:40:48 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/08/21 23:39:20 | 000,235,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM05Vid.sys -- (OEM05Vid)
DRV - [2007/08/21 23:39:18 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM05Vfx.sys -- (OEM05Vfx)
DRV - [2007/08/21 23:39:04 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM05Afx.sys -- (OEM05Afx)
DRV - [2007/04/01 22:42:08 | 000,016,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2007/04/01 22:42:04 | 000,080,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/04/01 22:42:02 | 000,079,664 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2007/01/15 15:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
DRV - [2006/12/19 12:18:28 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2006/11/02 03:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 03:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 03:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 03:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 03:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 03:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 03:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 03:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 03:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 03:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 03:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 03:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 03:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 03:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 03:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 03:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 03:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 03:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 03:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 03:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 03:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 03:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 03:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 03:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 03:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 03:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 03:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 03:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 03:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 03:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 03:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 02:55:05 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2006/11/02 02:55:04 | 000,071,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2006/11/02 02:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 02:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 02:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 02:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 02:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 02:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 01:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 01:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/18 12:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 12:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/18 12:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080326
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080326


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-4264175037-1400091774-357153482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080326
IE - HKU\S-1-5-21-4264175037-1400091774-357153482-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-4264175037-1400091774-357153482-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {4B3803EA-5230-4DC3-A7FC-33638F3D3542}:1.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: rafael.clp@hotmail.com:1.3.1
FF - prefs.js..extensions.enabledItems: autopagerlite@teesoft.info:0.6.1.30
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: canitbecheaper@trafficbroker.co.uk:2.8
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: greasefire@skrul.com:1.0.4
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.11

FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files\Crawler\firefox\ [2010/11/08 07:31:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/08 19:46:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/08 19:45:58 | 000,000,000 | ---D | M]

[2010/11/08 19:46:09 | 000,000,000 | ---D | M] -- C:\Users\Boone\AppData\Roaming\Mozilla\Extensions
[2010/11/15 07:39:52 | 000,000,000 | ---D | M] -- C:\Users\Boone\AppData\Roaming\Mozilla\Firefox\Profiles\8lkru1ts.default\extensions
[2010/11/09 19:49:00 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Boone\AppData\Roaming\Mozilla\Firefox\Profiles\8lkru1ts.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/11/08 19:50:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Boone\AppData\Roaming\Mozilla\Firefox\Profiles\8lkru1ts.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/08 22:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Boone\AppData\Roaming\Mozilla\Firefox\Profiles\8lkru1ts.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/11/08 22:23:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Boone\AppData\Roaming\Mozilla\Firefox\Profiles\8lkru1ts.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/11/09 17:10:42 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Boone\AppData\Roaming\Mozilla\Firefox\Profiles\8lkru1ts.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/11/08 22:23:40 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Boone\AppData\Roaming\Mozilla\Firefox\Profiles\8lkru1ts.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/11/09 19:49:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Boone\AppData\Roaming\Mozilla\Firefox\Profiles\8lkru1ts.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/11/09 17:10:42 | 000,000,000 | ---D | M] -- C:\Users\Boone\AppData\Roaming\Mozilla\Firefox\Profiles\8lkru1ts.default\extensions\autopagerlite@teesoft.info
[2010/11/09 17:10:42 | 000,000,000 | ---D | M] -- C:\Users\Boone\AppData\Roaming\Mozilla\Firefox\Profiles\8lkru1ts.default\extensions\canitbecheaper@trafficbroker.co.uk
[2010/11/09 19:52:13 | 000,000,000 | ---D | M] -- C:\Users\Boone\AppData\Roaming\Mozilla\Firefox\Profiles\8lkru1ts.default\extensions\greasefire@skrul.com
[2010/11/08 22:23:40 | 000,000,000 | ---D | M] -- C:\Users\Boone\AppData\Roaming\Mozilla\Firefox\Profiles\8lkru1ts.default\extensions\rafael.clp@hotmail.com
[2010/11/15 23:49:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/08 03:17:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2008/07/08 15:07:06 | 000,040,960 | ---- | M] (BYOND) -- C:\Program Files\Mozilla Firefox\plugins\npbyond.dll
[2010/11/08 03:17:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/07/26 13:05:16 | 000,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

O1 HOSTS File: ([2010/11/08 03:03:59 | 000,000,734 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O3 - HKU\S-1-5-21-4264175037-1400091774-357153482-1000\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-4264175037-1400091774-357153482-1000..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220 172.17.0.15
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\Program Files\Crawler\ctbr.dll (Crawler.com)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\Boone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Boone\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{22ef4b63-d3e9-11de-87af-b62361ed6b73}\Shell - "" = AutoRun
O33 - MountPoints2\{22ef4b63-d3e9-11de-87af-b62361ed6b73}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3910905d-d5d6-11de-a5ad-b21c47daed77}\Shell - "" = AutoRun
O33 - MountPoints2\{3910905d-d5d6-11de-a5ad-b21c47daed77}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{88f9f55c-000b-11dd-b394-001c26dc9532}\Shell - "" = AutoRun
O33 - MountPoints2\{88f9f55c-000b-11dd-b394-001c26dc9532}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found
O33 - MountPoints2\{a9275404-d07d-11de-8c09-be1b95ba0c73}\Shell - "" = AutoRun
O33 - MountPoints2\{a9275404-d07d-11de-8c09-be1b95ba0c73}\Shell\AutoRun\command - "" = J:\autorun.exe -- File not found
O33 - MountPoints2\{b397cf0d-0e13-11df-aaef-d999bd4b7672}\Shell - "" = AutoRun
O33 - MountPoints2\{b397cf0d-0e13-11df-aaef-d999bd4b7672}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-4264175037-1400091774-357153482-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe - (Avanquest Software )
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\PROGRA~1\COMMON~1\Intuit\QUICKB~1\QBUpdate\qbupdate.exe - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk - C:\UPS\WSTD\WSTDME~1.EXE - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk - C:\UPS\WSTD\WSTDPL~1.EXE - File not found
MsConfig - StartUpFolder: C:^Users^Boone^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: 9a128a0c - hkey= - key= - File not found
MsConfig - StartUpReg: Ad-Watch - hkey= - key= - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe File not found
MsConfig - StartUpReg: Bluetooth HCI Monitor - hkey= - key= - File not found
MsConfig - StartUpReg: COMODO Internet Security - hkey= - key= - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe File not found
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe File not found
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: Dell 968 AIO Printer Fax Server - hkey= - key= - C:\Program Files\Dell 968 AIO Printer\fm3032.exe ()
MsConfig - StartUpReg: DELL Webcam Manager - hkey= - key= - C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: DellSupportCenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: dldomon.exe - hkey= - key= - C:\Program Files\Dell 968 AIO Printer\dldomon.exe ()
MsConfig - StartUpReg: dscactivate - hkey= - key= - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
MsConfig - StartUpReg: ECenter - hkey= - key= - C:\DELL\E-Center\EULALauncher.exe ( )
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe File not found
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: Intuit SyncManager - hkey= - key= - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe File not found
MsConfig - StartUpReg: MemoryCardManager - hkey= - key= - C:\Program Files\Dell 968 AIO Printer\memcard.exe ()
MsConfig - StartUpReg: MSConfig - hkey= - key= - File not found
MsConfig - StartUpReg: MSServer - hkey= - key= - File not found
MsConfig - StartUpReg: NA1Messenger - hkey= - key= - C:\UPS\WSTD\UPSNA1Msgr.exe File not found
MsConfig - StartUpReg: Octoshape Streaming Services - hkey= - key= - C:\Users\Boone\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
MsConfig - StartUpReg: OEM05Mon.exe - hkey= - key= - C:\Windows\OEM05Mon.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: oovoo.exe - hkey= - key= - C:\Program Files\ooVoo\ooVoo.exe File not found
MsConfig - StartUpReg: pccguide.exe - hkey= - key= - C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe File not found
MsConfig - StartUpReg: PDVDDXSrv - hkey= - key= - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe File not found
MsConfig - StartUpReg: SigmatelSysTrayApp - hkey= - key= - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SpywareTerminator - hkey= - key= - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
MsConfig - StartUpReg: SpywareTerminatorUpdate - hkey= - key= - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe File not found
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
MsConfig - StartUpReg: Wallpaper Manager - hkey= - key= - C:\Program Files\Adolix\Adolix Wallpaper Changer\AWC.exe ()
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "services" - 1
MsConfig - State: "startup" - 1

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: CLPSLS - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe File not found
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.ac3acm - ac3acm.acm File not found
Drivers32: msacm.bdmpeg - C:\Windows\System32\bdmpega.acm ()
Drivers32: msacm.dvacm - C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm File not found
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.mpeg - C:\Windows\System32\bdmpegv.dll ()
Drivers32: VIDC.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/11/14 10:01:32 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/11/14 10:01:32 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/11/14 10:01:28 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/11/14 10:01:28 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/11/14 10:01:25 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/11/14 10:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/11/14 10:01:11 | 000,000,000 | ---D | C] -- C:\Users\Boone\AppData\Roaming\PC Tools
[2010/11/14 10:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/11/14 10:01:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/11/14 10:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010/11/14 06:30:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Google Updater
[2010/11/13 22:00:57 | 000,000,000 | ---D | C] -- C:\Users\Boone\dwhelper
[2010/11/08 19:46:04 | 000,000,000 | ---D | C] -- C:\Users\Boone\AppData\Roaming\Mozilla
[2010/11/08 19:46:04 | 000,000,000 | ---D | C] -- C:\Users\Boone\AppData\Local\Mozilla
[2010/11/08 16:27:03 | 000,000,000 | ---D | C] -- C:\Users\Boone\AppData\Local\Temp
[2010/11/08 07:31:42 | 000,000,000 | ---D | C] -- C:\Program Files\Crawler
[2010/11/08 07:28:22 | 000,000,000 | ---D | C] -- C:\Users\Boone\AppData\Roaming\Spyware Terminator
[2010/11/08 07:28:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010/11/08 07:28:21 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010/11/08 03:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/11/08 03:18:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/11/08 03:17:39 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/11/08 03:17:39 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/08 03:17:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/08 03:17:39 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/08 03:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/11/08 02:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/08 02:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/07 20:19:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/11/07 20:19:03 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/11/07 20:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/19 13:11:46 | 000,000,000 | ---D | C] -- C:\Users\Boone\AppData\Local\{DF635C0B-EECC-4AE0-B15C-0F12694A5CF8}
[2009/08/12 13:33:21 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\dldohcp.dll
[2009/08/12 13:33:21 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\dldoinpa.dll
[2009/08/12 13:33:21 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldoiesc.dll
[2009/08/12 13:33:20 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\dldoserv.dll
[2009/08/12 13:33:20 | 000,954,368 | ---- | C] ( ) -- C:\Windows\System32\dldousb1.dll
[2009/08/12 13:33:20 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldoprox.dll
[2009/08/12 13:33:19 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dldopmui.dll
[2009/08/12 13:33:19 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldolmpm.dll
[2009/08/12 13:33:17 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldohbn3.dll
[2009/08/12 13:33:16 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldocomm.dll
[2009/08/12 13:33:15 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldocomc.dll

========== Files - Modified Within 30 Days ==========

[2010/11/15 23:59:43 | 006,840,054 | ---- | M] () -- C:\Windows\WPCWallpaper.bmp
[2010/11/15 23:39:09 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 23:39:09 | 000,003,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/15 23:00:00 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\vmrbsrir.job
[2010/11/15 19:01:24 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010/11/15 12:41:10 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/14 06:56:01 | 000,058,880 | ---- | M] () -- C:\Users\Boone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/09 18:00:37 | 000,021,493 | ---- | M] () -- C:\Users\Boone\.recently-used.xbel
[2010/11/08 23:44:58 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/08 23:44:58 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/08 23:38:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/08 21:59:00 | 000,001,722 | ---- | M] () -- C:\Users\Boone\Desktop\taskkill.exe.lnk
[2010/11/08 20:39:12 | 000,001,660 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/08 20:38:51 | 000,000,020 | ---- | M] () -- C:\Users\Boone\defogger_reenable
[2010/11/08 19:46:00 | 000,001,750 | ---- | M] () -- C:\Users\Boone\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/08 19:46:00 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/08 07:28:22 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010/11/08 03:17:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/11/08 03:17:27 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010/11/08 03:17:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010/11/08 03:17:27 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010/11/08 03:03:59 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/08 02:43:11 | 000,000,680 | ---- | M] () -- C:\Users\Boone\AppData\Local\d3d9caps.dat
[2010/10/20 12:46:58 | 000,000,776 | ---- | M] () -- C:\Users\Boone\Desktop\Vindictus.lnk
[2010/10/19 13:03:38 | 000,000,120 | ---- | M] () -- C:\Users\Boone\AppData\Local\Hwohogicabenuw.dat
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/19 09:08:30 | 000,000,000 | ---- | M] () -- C:\Users\Boone\AppData\Local\Bjuwewahatewis.bin

========== Files Created - No Company Name ==========

[2010/11/14 10:01:32 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/11/14 10:01:28 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/11/14 10:01:28 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/11/14 10:01:25 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/11/14 06:30:54 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/12 10:21:23 | 000,010,230 | ---- | C] () -- C:\Users\Boone\activity.txt
[2010/11/09 18:00:37 | 000,021,493 | ---- | C] () -- C:\Users\Boone\.recently-used.xbel
[2010/11/08 20:38:43 | 000,000,020 | ---- | C] () -- C:\Users\Boone\defogger_reenable
[2010/11/08 19:46:00 | 000,001,750 | ---- | C] () -- C:\Users\Boone\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/08 19:46:00 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/11/08 07:28:22 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010/11/08 02:43:11 | 000,000,680 | ---- | C] () -- C:\Users\Boone\AppData\Local\d3d9caps.dat
[2010/10/20 12:46:38 | 000,000,776 | ---- | C] () -- C:\Users\Boone\Desktop\Vindictus.lnk
[2010/10/19 09:08:30 | 000,000,120 | ---- | C] () -- C:\Users\Boone\AppData\Local\Hwohogicabenuw.dat
[2010/10/19 09:08:30 | 000,000,000 | ---- | C] () -- C:\Users\Boone\AppData\Local\Bjuwewahatewis.bin
[2010/10/19 07:14:27 | 000,058,880 | ---- | C] () -- C:\Users\Boone\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/06 21:49:35 | 000,011,544 | -HS- | C] () -- C:\Users\Boone\AppData\Local\C6158646
[2010/04/06 21:49:35 | 000,011,544 | -HS- | C] () -- C:\ProgramData\C6158646
[2010/04/06 19:22:08 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009/11/13 14:30:10 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/11/13 12:48:42 | 000,000,987 | ---- | C] () -- C:\Users\Boone\AppData\Roaming\isomaster.ini
[2009/08/12 13:37:40 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldocoin.dll
[2009/08/12 13:35:09 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLDOPMON.DLL
[2009/08/12 13:35:09 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLDOFXPU.DLL
[2009/08/12 13:34:49 | 000,049,152 | ---- | C] () -- C:\Windows\System32\dldooem.dll
[2009/08/12 13:34:49 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DLDOPMRC.DLL
[2009/08/12 13:33:21 | 000,503,808 | ---- | C] () -- C:\Windows\System32\dldoutil.dll
[2009/08/12 13:33:21 | 000,348,160 | ---- | C] () -- C:\Windows\System32\dldoinst.dll
[2009/08/12 13:33:19 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoinsb.dll
[2009/08/12 13:33:19 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldojswr.dll
[2009/08/12 13:33:18 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldoins.dll
[2009/08/12 13:33:18 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldoinsr.dll
[2009/08/12 13:33:17 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldogrd.dll
[2009/08/12 13:33:16 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldocub.dll
[2009/08/12 13:33:16 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldocu.dll
[2009/08/12 13:33:16 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldocur.dll
[2009/08/12 12:59:32 | 000,000,199 | ---- | C] () -- C:\Windows\wstdUPSWSHIP.INI
[2009/08/12 12:54:18 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/08/12 12:07:13 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/07/08 19:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2009/03/02 22:51:07 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.INI
[2009/02/20 18:21:57 | 001,637,773 | -HS- | C] () -- C:\Windows\System32\hwxxiwub.ini
[2009/02/19 18:31:36 | 001,616,764 | -HS- | C] () -- C:\Windows\System32\pnutfyxe.ini
[2009/02/18 22:03:28 | 001,609,270 | -HS- | C] () -- C:\Windows\System32\wdafjbgo.ini
[2009/02/18 03:23:04 | 001,609,270 | -HS- | C] () -- C:\Windows\System32\uwfqiuow.ini
[2009/02/17 15:20:20 | 001,603,855 | -HS- | C] () -- C:\Windows\System32\fpjcmsij.ini
[2009/02/17 00:50:12 | 001,589,969 | -HS- | C] () -- C:\Windows\System32\hiqniqok.ini
[2009/02/16 21:10:10 | 001,589,969 | -HS- | C] () -- C:\Windows\System32\dpuutnoi.ini
[2008/11/18 12:35:14 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/07/01 23:14:24 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/07/01 23:14:24 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/07/01 23:14:24 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/07/01 23:05:17 | 000,000,477 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/06/10 18:07:20 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/05/22 16:18:54 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/03/31 02:43:02 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/03/26 14:19:02 | 000,876,544 | ---- | C] () -- C:\Windows\System32\TEACico2.dll
[2008/03/26 06:52:32 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/03/26 06:41:54 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2008/01/10 06:16:20 | 000,159,839 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/01/10 06:15:30 | 000,755,027 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/09/06 14:40:36 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dldodrs.dll
[2007/09/04 10:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007/08/31 12:51:11 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dldocaps.dll
[2007/08/01 02:15:51 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldocfg.dll
[2007/06/14 14:45:05 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldocnv4.dll
[2007/02/13 09:14:18 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/07/31 23:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldovs.dll
[2006/05/26 07:29:14 | 000,005,120 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2004/10/12 13:42:30 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2004/10/12 13:40:58 | 002,255,360 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2004/10/05 15:16:08 | 000,395,776 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2004/10/04 00:50:26 | 000,112,640 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2003/04/08 12:41:20 | 000,180,224 | ---- | C] () -- C:\Windows\System32\nssckbi.dll
[2002/03/16 18:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000071.DLL
[2001/11/14 10:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: EXPLORER.EXE >
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2008/10/29 00:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 00:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 21:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2008/03/26 14:11:55 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2008/03/26 14:11:55 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2008/10/27 20:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 03:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: WININIT.EXE >
[2006/11/02 03:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006/11/02 03:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 03:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 03:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2006/11/02 06:34:30 | 000,136,192 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dinput.dll
[2006/11/02 03:46:10 | 001,376,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2006/11/02 03:47:18 | 000,228,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/03/26 14:15:32 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 04:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 04:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 04:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 04:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/11/08 07:28:22 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

Extras.Txt

OTL Extras logfile created on: 11/15/2010 11:57:48 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Boone\Desktop\stuff\Cleaning Supplies
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 64.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.71 Gb Total Space | 78.98 Gb Free Space | 17.52% Space Free | Partition Type: NTFS
Drive D: | 15.00 Gb Total Space | 4.78 Gb Free Space | 31.87% Space Free | Partition Type: NTFS
Drive E: | 906.72 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: BOONE-PC | User Name: Boone | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-4264175037-1400091774-357153482-1000\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Users\Boone\Desktop\stuff\freeware\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Users\Boone\Desktop\stuff\freeware\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4264175037-1400091774-357153482-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1083BC15-8F11-4C40-AD41-B55648498870}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{2338E689-FDE5-4374-A9C3-CFEADB256829}" = lport=8378 | protocol=17 | dir=in | name=league of legends launcher |
"{2DB720C4-5EBF-4964-9692-803D13F10512}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{3353FDDA-12E2-4E9F-84E1-639521860211}" = lport=8378 | protocol=6 | dir=in | name=league of legends launcher |
"{380C2DBA-2D0D-4AAC-B13C-A669E62F887F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4138100F-96B6-42A8-B2A3-CEC2DCA464AF}" = lport=8380 | protocol=6 | dir=in | name=league of legends launcher |
"{53B1AC57-0FC4-4BDB-8432-10451A2E0B9C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5A515A1B-8791-4012-A0B5-41A5D6083076}" = lport=2869 | protocol=6 | dir=in | app=system |
"{64A5454A-B9A5-4E83-94CA-FC9B4E643D73}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{6671C858-608A-4C83-9D7C-5AE9EF2257D2}" = lport=8379 | protocol=6 | dir=in | name=league of legends launcher |
"{67EC7984-5D1D-4202-B05D-0B4A231D2F97}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{6A498800-6D2D-45C4-88B6-982474DDBB7E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6ECB2268-1FA1-46AF-89F8-F8D6E82404D5}" = lport=8379 | protocol=17 | dir=in | name=league of legends launcher |
"{77123B1A-ACBA-474B-AA3E-82E813C33E68}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{7E52C8B8-B666-4BB8-A796-5E51F2B490A7}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |
"{8E19853D-A48E-4018-864C-C9947C5ED3A5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{961F9C6C-FE77-49FB-8AEC-C7B207B8B728}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |
"{9B0B981A-7DF0-4E33-AD27-02FBBEF2280D}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |
"{A301E5CB-5C77-4639-88D4-0829F6AF79E0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A5A40244-6330-4504-B4C6-1E61C89C4D08}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |
"{A69FDC59-F579-4A24-A65E-C5D2179C2CA9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A81695CB-EE62-48CC-BE45-3CAA4A407E97}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |
"{BC35C143-C3B4-4C3B-9BB2-104ACD432E58}" = lport=6916 | protocol=17 | dir=in | name=league of legends launcher |
"{DA22296F-87FE-4EF9-8F5D-D67531811C22}" = lport=6916 | protocol=6 | dir=in | name=league of legends launcher |
"{DDE11CA5-B172-4AAA-99E3-F2F416B17306}" = lport=8380 | protocol=17 | dir=in | name=league of legends launcher |
"{ED29BCFB-9286-43C5-9C31-BB8F46293369}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F616482B-3098-4F1D-A0AA-404E44FAFD4E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02384E34-569D-49AA-B4D7-83D4D29B5CD4}" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\starcraft ii.exe |
"{037049B0-0E20-43C8-B01A-DD379C903C9B}" = protocol=17 | dir=in | app=c:\windows\system32\dldocoms.exe |
"{04F50494-A0E7-44BD-9CD8-FB3BA4C461C1}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{0740D83C-F230-40DE-B4B6-66368B116670}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{0E22A7EA-205C-4038-86FB-D2D4D6A0DFE0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1176396A-E23B-45CC-AAB6-E2C55E36A045}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{11C79860-406A-411B-8D6C-F006C0F18C01}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{131500B7-E35F-4D64-85AC-5ECB74014307}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{131F5552-D789-4225-B61C-58EAF924BCE4}" = protocol=6 | dir=in | app=c:\program files\dell 968 aio printer\dldomon.exe |
"{1521B4F5-A025-412E-A1B6-8CDE7418C871}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{1CC6CC8E-052A-4764-BEE7-C3E586C9D1C2}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{1D412142-92CE-4211-9A99-95E5DEF449CC}" = protocol=17 | dir=in | app=c:\program files\dell 968 aio printer\dldomon.exe |
"{202E93EA-B22C-41D5-8416-6B0CF99A5579}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{2215DD86-C28E-4908-BF9F-95367AA531FC}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{22432E3B-E0A3-4A6C-B167-060591E08E06}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{247F100F-F178-446D-898B-0F9C8B317E95}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{25BEF762-D275-4F39-9697-E20188819F6F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2ABCB79F-F050-4382-997F-7BB642C1570E}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{2C818F09-DFE3-4986-92D2-DE3F5C27F488}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{2DBB7C61-42B6-41E7-B7BB-86E3E9E2B715}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{330F4160-EAF6-4601-B4FB-1293C21D0823}" = protocol=17 | dir=in | app=c:\program files\dell 968 aio printer\memcard.exe |
"{3575BC9F-415F-4934-9AA8-92E36F46220E}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{3980B059-B02A-4C93-A010-6953D38548B0}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\heroes of might and magic 5\bin\h5_game.exe |
"{3D7B6235-40B2-4E99-83EE-7A4389238F3D}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{451A9895-4909-409A-A67A-D9562630872C}" = protocol=17 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{4A3FB18F-9052-4DE5-9CF9-B2CAA4E56208}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4FFC1C65-CDAB-4690-8DC4-76C3DC8B7A33}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\heroes of might and magic 5\bin\h5_game.exe |
"{50BA5A98-F24A-410D-A602-1FBD9BA037DE}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldopswx.exe |
"{52647509-2EEC-4732-8781-B6B1D677614D}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{5492DB39-D5C7-4B0F-8F78-929FFD07C51A}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"{575A1935-107B-41F6-81E1-EC559480FFA2}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{58009595-42E3-49CD-B7D6-84DA46A5A556}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldotime.exe |
"{5976C84C-C695-42A5-A323-9E6AED35694C}" = protocol=6 | dir=in | app=c:\program files\dell 968 aio printer\memcard.exe |
"{5A9D6995-79DE-4A05-AFA8-918907794898}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldopswx.exe |
"{5C1B6990-5ED0-4293-B82E-A04AAC8F3CDD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5FE79D05-20E2-4802-A027-897484A066A5}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{66950752-8B19-4D32-8B35-28FA6AF9E91B}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{66C92793-CC9D-478A-B14A-4F5F8943FE40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{670A3B67-1FFE-4ED1-BD22-63E7641893EC}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{69FB7A0D-0493-4A46-A092-95081658C3A2}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{6CD5A3D2-24F5-42C6-A7F6-9133AD1F5E24}" = protocol=6 | dir=in | app=c:\windows\system32\dldocoms.exe |
"{7030672E-2820-42FA-872E-A514E5584549}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{727794AC-610D-4E12-AF16-3EF68CE1EB42}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{731D5580-B75A-43EC-AF12-EF3FDAC1EBD9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{787B7CA3-F2F5-4632-AAEC-1C5B1038DAD5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{7BBE5E6A-73EE-4A95-B662-A7765D04F700}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{7CB59FEE-6AE9-4EE8-A9B7-CB134FE094F5}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{7D77A704-B8E5-42A7-B367-51BEFE96FCD2}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daupdatersvc.service.exe |
"{7E98C91B-05BB-4C8F-AFC2-F8B87D009721}" = protocol=6 | dir=in | app=c:\program files\dell 968 aio printer\dldoaiox.exe |
"{814DE190-B4C5-446E-88D9-8DF83B84A9C1}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8447120A-BD17-4591-B23A-E7144F39B178}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{84DCE34E-9493-4901-92EC-3E8D547F57F4}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldotime.exe |
"{858A5810-6360-4B92-AD8F-5FB90E0D7930}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{889F781A-7BCA-49F8-898E-941A9EE2E637}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{8BCB9D3B-4439-4789-B3A4-585036935C14}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{92514262-A6CA-4879-B9A1-7B75D723120E}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{97FD9423-B25F-4A5A-A1DF-B2D03EF8BFE2}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{9CB57CAE-A7E3-4D70-85E7-450ED9334332}" = protocol=17 | dir=in | app=c:\program files\dell 968 aio printer\dldoaiox.exe |
"{9CBFD917-D632-4817-9708-AB5A725D0E3D}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe |
"{9FFCF716-ACB3-496F-B80F-1CA2E527B727}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{A5C20FF9-1155-446D-A5CE-B210CAE08730}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{AC7DBB69-C1EE-40AA-99A3-0B23C4630A77}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{AE738301-862A-4056-A5A3-0372502772CF}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe |
"{AEDAE0B9-3B12-4823-8EF2-996B479DA4D6}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{B00A4833-5549-4F34-8623-E3560280EC0B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{B98C8359-7731-42EE-B9C3-961B596DDD34}" = protocol=6 | dir=out | app=system |
"{BA34077B-8C47-4EDC-8331-22F16874B87E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC416ED1-2ACA-4749-970A-12A6200F3B8D}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{BCBC9035-1E8A-4012-ACC1-0D537FCD763D}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
"{BD818A93-85A7-4D17-9E06-7037C08419CB}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\repair.exe |
"{BDBDD724-1AAA-40E6-B9AA-74EFA4A65E2B}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C7EBF32D-6CD2-4B48-9F2B-70FB7B4072B4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{C84552C6-284A-44BA-A700-68F4866B0524}" = protocol=6 | dir=in | app=c:\users\public\videos\sample videos\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{C89A367F-37CE-4129-AB55-D4550B57BE2D}" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\starcraft ii.exe |
"{C95F1E4D-7A4D-4694-98DF-9EA12FF75B4E}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D183E85D-0F0E-45C8-AD1A-021477C7A91A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D4A5EA50-54BF-4FE5-8C22-601882D4AB05}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7CBBD14-F3C8-43BC-8668-B42630352122}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D7DD025F-262F-4EDA-9EC7-A91FC16B611E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D8B4D3EF-6E98-4141-9F6B-A33DDA9C2B17}" = protocol=17 | dir=in | app=c:\users\public\videos\sample videos\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-enus-downloader.exe |
"{DA9A1472-0D54-4E29-A7CC-60CA67DB3E3D}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{DD7B0BED-FA9F-4739-A8BA-4E5CB459D899}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{E9C5F1D7-65E2-4EC1-93AB-631CEEEFB4A8}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{EA4A55E3-BF3B-4045-B949-E54929DB5375}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{F8182F5C-2D51-4A42-8531-943DBED16C2E}" = protocol=6 | dir=in | app=c:\nexon\vindictus\en-us\nmservice.exe |
"{F8ED5B49-72DD-4453-8500-D0FEF415AD97}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FCDDB538-808A-4B31-AE23-BB396A9E17DE}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{FD6AD855-4B0A-4818-8145-A9E0826C69B9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{0F2E4C1E-B4F0-42DA-97BF-244219FDBA05}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{1CA93103-B169-4206-9BDD-C4C9EFDE3C2C}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"TCP Query User{208341B9-5F94-4272-B805-0E8936E8FF10}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe |
"TCP Query User{2B07257A-C7B4-4255-9A22-F88469B8E14C}C:\program files\rockstar games\gta2\gta2.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe |
"TCP Query User{3771A892-76BF-4D0F-B484-3E135F6BE2E5}C:\program files\cain\cain.exe" = protocol=6 | dir=in | app=c:\program files\cain\cain.exe |
"TCP Query User{45298AAC-FEDF-4D54-8912-0EA3A02AE7DD}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=6 | dir=in | app=c:\ijji\english\gunbound revolution\gunbound.gme |
"TCP Query User{49F5C975-9A03-4612-918B-81403E1E602F}C:\program files\starcraft ii beta\versions\base15343\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base15343\sc2.exe |
"TCP Query User{4B1DA1CB-0B54-4BF9-B4E2-68C62F7BE0F8}C:\program files\dell 968 aio printer\dldoafcn.exe" = protocol=6 | dir=in | app=c:\program files\dell 968 aio printer\dldoafcn.exe |
"TCP Query User{4D31E3C0-4D46-4B14-8FCC-23256E60B225}C:\program files\starcraft ii beta\versions\base15392\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base15392\sc2.exe |
"TCP Query User{68704450-3DBC-4F46-9C74-96C0E72FAEAE}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"TCP Query User{78AC0BB3-2F10-408D-A33D-54232D64DABC}C:\program files\oovoo\oovoo.exe" = protocol=6 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"TCP Query User{99601755-3DD3-4113-9C27-755EC75E7141}C:\users\boone\appdata\local\temp\blizzard launcher temporary - 1df10b40\launcher.exe" = protocol=6 | dir=in | app=c:\users\boone\appdata\local\temp\blizzard launcher temporary - 1df10b40\launcher.exe |
"TCP Query User{AE90088F-D5E1-4B0E-841E-09E6D858DBAC}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"TCP Query User{B48785C0-6E7E-4AE7-8C6A-2A4AA0C698F1}C:\program files\starcraft ii beta\versions\base15392\sc2.exe" = protocol=6 | dir=in | app=c:\program files\starcraft ii beta\versions\base15392\sc2.exe |
"TCP Query User{BCAA0F4D-0096-4EDF-ADE1-30783532BC34}C:\program files\dell 968 aio printer\dldomon.exe" = protocol=6 | dir=in | app=c:\program files\dell 968 aio printer\dldomon.exe |
"TCP Query User{C3567842-C1DD-4C2F-A064-A660DB104CC5}C:\program files\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"TCP Query User{D9B64461-4A4A-4959-B642-17EAEEDF7566}C:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe" = protocol=6 | dir=in | app=c:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe |
"TCP Query User{EA47972E-63BB-4510-8D9A-3D58B5169BF8}C:\program files\steam\steamapps\coldasiceman\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\coldasiceman\counter-strike source\hl2.exe |
"TCP Query User{F38C4E98-A0CE-4B00-86EB-6061AB627625}C:\ijji\english\u_gbound.exe" = protocol=6 | dir=in | app=c:\ijji\english\u_gbound.exe |
"TCP Query User{F4F2F0B3-A85B-490E-A19C-4BB5953F3A11}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{FCED12D8-3AFE-4742-8CC6-3385EBDC5223}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{09B6C364-FDEA-4267-9ED4-C322E1EC8D06}C:\program files\dell 968 aio printer\dldoafcn.exe" = protocol=17 | dir=in | app=c:\program files\dell 968 aio printer\dldoafcn.exe |
"UDP Query User{0F247983-6B7D-44FB-95D0-1638F4C336D1}C:\ijji\english\gunbound revolution\gunbound.gme" = protocol=17 | dir=in | app=c:\ijji\english\gunbound revolution\gunbound.gme |
"UDP Query User{0F661E4A-4F85-4614-93BF-28DFCB955212}C:\program files\cain\cain.exe" = protocol=17 | dir=in | app=c:\program files\cain\cain.exe |
"UDP Query User{3E74FE58-43EE-4F78-9EE4-3EBE7AABFF4B}C:\users\boone\appdata\local\temp\blizzard launcher temporary - 1df10b40\launcher.exe" = protocol=17 | dir=in | app=c:\users\boone\appdata\local\temp\blizzard launcher temporary - 1df10b40\launcher.exe |
"UDP Query User{48566478-6758-472B-A6DD-77E1D853FC52}C:\program files\starcraft ii beta\versions\base15343\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base15343\sc2.exe |
"UDP Query User{56704B11-127E-41C8-B0F1-9B994F14034C}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |
"UDP Query User{5722EFE4-15E8-4445-AC03-1345A74006D8}C:\program files\starcraft ii beta\versions\base15392\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base15392\sc2.exe |
"UDP Query User{59593B6C-1D7D-4264-B0B3-F992F0B7BD6A}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{6D1B8550-198D-4E37-9262-95C785773665}C:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\grand theft auto\wino\grand theft auto.exe |
"UDP Query User{77F71B9D-F690-43D0-9726-96987C5E5CE8}C:\program files\starcraft ii beta\versions\base15392\sc2.exe" = protocol=17 | dir=in | app=c:\program files\starcraft ii beta\versions\base15392\sc2.exe |
"UDP Query User{7CC537B8-D0A6-43DA-8494-1EE48531F4DA}C:\program files\dell 968 aio printer\dldomon.exe" = protocol=17 | dir=in | app=c:\program files\dell 968 aio printer\dldomon.exe |
"UDP Query User{827A61BB-0BEB-4EB5-B7FF-FBFD0342F78F}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{8792B57C-CE74-4424-8498-47F5881140AD}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"UDP Query User{92B10C43-978C-471B-958D-5346A3543478}C:\program files\steam\steamapps\coldasiceman\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\coldasiceman\counter-strike source\hl2.exe |
"UDP Query User{97DB9619-0F7C-4DBF-8FFF-60364BEFFD68}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"UDP Query User{A729C539-0DDE-4BFF-9620-5C41D28BADE3}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{B7781C87-7765-40C2-9417-0E4689F6DB79}C:\program files\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files\heroes of newerth\hon.exe |
"UDP Query User{B7DBEC1B-9D87-4F5E-BF54-C77AC9ABD3A5}C:\ijji\english\u_gbound.exe" = protocol=17 | dir=in | app=c:\ijji\english\u_gbound.exe |
"UDP Query User{C40CCE6B-7126-4CB3-8AA5-3530C173E031}C:\program files\rockstar games\gta2\gta2.exe" = protocol=17 | dir=in | app=c:\program files\rockstar games\gta2\gta2.exe |
"UDP Query User{D12CE348-4439-43F1-85DF-13C89C102804}C:\program files\oovoo\oovoo.exe" = protocol=17 | dir=in | app=c:\program files\oovoo\oovoo.exe |
"UDP Query User{EC1A8586-D1C5-443D-8635-FB3B9E17A422}C:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars jedi knight jedi academy\gamedata\jamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.4300
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement
"{1544E39F-0A3A-4920-A530-1264DFB7113D}" = Dynex Enhanced G Wireless Desktop Card Setup
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A8E3C5D-B772-CB4A-1117-751B5D79787B}" = Catalyst Control Center Graphics Light
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}" = Star Wars Jedi Knight Jedi Academy
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FAF0F08-7120-4192-BF6A-B1EC7E26A935}" = UPSVCMM
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{266156C9-F681-A84B-083C-D2052A461583}" = Catalyst Control Center Graphics Full New
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A6FFA23-9188-E796-4AFF-196A2004AA39}" = ccc-utility
"{2F3BCA05-4FD4-9418-1976-32F783E43DF4}" = Catalyst Control Center Graphics Full Existing
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{38D9575F-6228-6A54-3A92-D902739B6541}" = Catalyst Control Center InstallProxy
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft AppLocale
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{573F1931-08F7-9222-704E-841C391794C5}" = ATI Catalyst Install Manager
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel® PRO Network Connections 12.1.12.4
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84D58782-A2F0-47D4-A557-3041363893CF}" = Adobe Setup
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91F2493D-8A65-7BF3-5684-9D6397F8847D}" = Catalyst Control Center Core Implementation
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92A300C0-E97B-48CC-9702-AB1AAED167E1}" = Adobe Soundbooth CS3 Scores
"{96327C3C-96BE-4C7A-A6F7-A71635E5949A}" = Microsoft SQL Server 2005 Backward compatibility
"{9794B30C-0FCB-3658-B44F-33BDDC788C2D}" = CCC Help English
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A73BDB2A-E4A7-4FE8-960E-6A5C8BF76FCB}" = XPS MiniView Gadget
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
"{C127414C-A625-4E0A-8AC1-F970F9E566A3}" = Adobe Elements Studio Launcher
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D379100F-65A2-4B54-D568-CD2BE238C6A3}" = Catalyst Control Center Graphics Previews Vista
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E8C06CB3-5DB2-4689-B1DC-4A0220DEA96C}" = Consumer Complete Care Services Agreement
"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FBF1268D-3323-545E-4DD0-F45AD313E37E}" = Catalyst Control Center Graphics Previews Common
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.57
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe_19c4ee81f9cc4b3dffb9a17d9b648b2" = Adobe Soundbooth CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adolix Wallpaper Changer_is1" = Adolix Wallpaper Changer 2.2
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Any Audio Converter_is1" = Any Audio Converter 1.1.0
"Audacity_is1" = Audacity 1.2.6
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"CCleaner" = CCleaner (remove only)
"Creative OEM005" = Monitor Webcam (SP2208WFP) Driver (1.00.08.0720)
"CToolbar_UNINSTALL" = Crawler Toolbar with Web Security Guard
"Dell 968 AIO Printer" = Dell 968 AIO Printer
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DjVu Solo 3.1" = DjVu Solo 3.1
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDStyler_is1" = DVDStyler v1.8.0.1
"FeedDemon_is1" = FeedDemon
"FormatFactory" = FormatFactory 2.20
"Google Updater" = Google Updater
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"Haihaisoft Universal Player" = Haihaisoft Universal Player
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"hon" = Heroes of Newerth
"ImgBurn" = ImgBurn
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 3.7.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"PROSetDX" = Intel® PRO Network Connections 12.1.12.4
"Spyware Doctor" = Spyware Doctor 7.0
"Spyware Terminator_is1" = Spyware Terminator
"StarBurn_is1" = StarBurn Version 10 (Build 0x20080905)
"StarCraft II" = StarCraft II
"uTorrent" = µTorrent
"Vindictus" = Vindictus
"VLC media player" = VLC media player 1.1.0
"WinGimp-2.0_is1" = GIMP 2.6.4
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4264175037-1400091774-357153482-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/14/2010 4:29:00 AM | Computer Name = Boone-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3951 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 122c Start Time: 01cb83d53eb0517c Termination Time: 11

Error - 11/14/2010 4:29:00 AM | Computer Name = Boone-PC | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3951, time
stamp 0x4cc7add9, faulting module ntdll.dll, version 6.0.6000.16386, time stamp
0x4549bdc9, exception code 0xc0000005, fault offset 0x00042e7b, process id 0x6a8,
application start time 0x01cb83d54b87c36c.

Error - 11/14/2010 11:37:17 AM | Computer Name = Boone-PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 11/14/2010 12:01:41 PM | Computer Name = Boone-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/14/2010 12:02:11 PM | Computer Name = Boone-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 11/14/2010 12:14:34 PM | Computer Name = Boone-PC | Source = System Restore | ID = 8193
Description =

Error - 11/15/2010 2:35:31 AM | Computer Name = Boone-PC | Source = VSS | ID = 8194
Description =

Error - 11/15/2010 2:35:45 AM | Computer Name = Boone-PC | Source = System Restore | ID = 8193
Description =

Error - 11/15/2010 8:31:28 PM | Computer Name = Boone-PC | Source = System Restore | ID = 8193
Description =

Error - 11/15/2010 8:31:28 PM | Computer Name = Boone-PC | Source = System Restore | ID = 8210
Description =

[ OSession Events ]
Error - 10/27/2010 2:42:26 AM | Computer Name = Boone-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 16448 seconds with 2100 seconds of active time. This session ended with
a crash.

Error - 10/27/2010 4:41:29 AM | Computer Name = Boone-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 7130 seconds with 2280 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 11/8/2010 9:30:41 PM | Computer Name = Boone-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/8/2010 9:30:41 PM | Computer Name = Boone-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 11/8/2010 10:01:03 PM | Computer Name = Boone-PC | Source = Service Control Manager | ID = 7032
Description =

Error - 11/8/2010 11:26:25 PM | Computer Name = Boone-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 9:24:44 PM on 11/8/2010 was unexpected.

Error - 11/8/2010 11:28:43 PM | Computer Name = Boone-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/8/2010 11:28:45 PM | Computer Name = Boone-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 11/9/2010 1:38:31 AM | Computer Name = Boone-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:37:10 PM on 11/8/2010 was unexpected.

Error - 11/9/2010 1:40:46 AM | Computer Name = Boone-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 11/9/2010 1:40:47 AM | Computer Name = Boone-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 11/11/2010 9:42:35 AM | Computer Name = Boone-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

#4 myrti

  • Malware Study Hall Admin

Posted 16 November 2010 - 01:58 AM

Hi,

please run a scan with ComboFix next:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon; check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 



#5 Bootrick

  • Topic Starter

Posted 16 November 2010 - 04:19 AM

As a quick note, ComboFix.exe did not run. I renamed it to XCombofix and it ran just fine. Also, it told me 2 antivirus and spyware programs that I could not get to run were actually on and active. Nothing was in the system tray. I ended the process of another one (different than the 2 named) with task manager. But both the services named were already stopped. I told ComboFix to continue anyway. Also IE was made my default browser and its stupid shortcut was placed on my desktop. I deleted it.

ComboFix 10-11-15.05 - Boone 11/16/2010 3:04.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3069.2366 [GMT -6:00]
Running from: c:\users\Boone\Desktop\xComboFix.exe
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Spyware Doctor with AntiVirus *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
SP: Spyware Terminator *disabled* (Outdated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
C:\svcxxxxxxx.exe
c:\svcxxxxxxx.exe\config.bin
c:\users\Boone\AppData\Local\{DF635C0B-EECC-4AE0-B15C-0F12694A5CF8}
c:\users\Boone\AppData\Local\{DF635C0B-EECC-4AE0-B15C-0F12694A5CF8}\chrome\content\overlay.xul
c:\users\Boone\AppData\Local\{DF635C0B-EECC-4AE0-B15C-0F12694A5CF8}\install.rdf
c:\users\Boone\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\dpuutnoi.ini
c:\windows\system32\fpjcmsij.ini
c:\windows\system32\hiqniqok.ini
c:\windows\system32\hwxxiwub.ini
c:\windows\system32\pnutfyxe.ini
c:\windows\system32\uwfqiuow.ini
c:\windows\system32\wdafjbgo.ini
c:\windows\Tasks\vmrbsrir.job

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-16 08:53 . 2010-11-16 08:55 -------- d-----w- C:\32788R22FWJFW
2010-11-14 16:01 . 2010-02-05 15:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-11-14 16:01 . 2010-02-05 15:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-11-14 16:01 . 2010-03-29 16:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-11-14 16:01 . 2009-11-23 19:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-11-14 16:01 . 2010-04-08 20:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-11-14 16:01 . 2010-11-15 08:31 -------- d-----w- c:\program files\Spyware Doctor
2010-11-14 16:01 . 2010-11-14 16:01 -------- d-----w- c:\program files\Common Files\PC Tools
2010-11-14 16:01 . 2010-11-14 16:01 -------- d-----w- c:\users\Boone\AppData\Roaming\PC Tools
2010-11-14 16:01 . 2010-11-14 16:01 -------- d-----w- c:\programdata\PC Tools
2010-11-14 12:30 . 2010-11-14 15:09 -------- d-----w- c:\programdata\Google Updater
2010-11-14 04:00 . 2010-11-14 04:00 -------- d-----w- c:\users\Boone\dwhelper
2010-11-09 01:46 . 2010-11-09 01:46 -------- d-----w- c:\users\Boone\AppData\Local\Mozilla
2010-11-09 01:46 . 2010-10-27 06:09 553696 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2010-11-08 22:35 . 2010-11-08 22:35 388096 ----a-r- c:\users\Boone\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-08 13:31 . 2010-11-16 06:02 -------- d-----w- c:\program files\Crawler
2010-11-08 13:28 . 2010-11-16 08:54 -------- d-----w- c:\users\Boone\AppData\Roaming\Spyware Terminator
2010-11-08 13:28 . 2010-11-08 13:28 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-11-08 13:28 . 2010-11-16 08:54 -------- d-----w- c:\program files\Spyware Terminator
2010-11-08 13:28 . 2010-11-15 06:35 -------- d-----w- c:\programdata\Spyware Terminator
2010-11-08 09:18 . 2010-11-08 09:18 -------- d-----w- c:\program files\Common Files\Java
2010-11-08 09:17 . 2010-11-08 09:17 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-08 09:17 . 2010-11-08 09:17 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-08 09:17 . 2010-11-08 09:17 -------- d-----w- c:\program files\Java
2010-11-08 08:25 . 2010-11-11 13:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-08 08:25 . 2010-11-08 09:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-11-08 08:11 . 2010-10-18 15:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68D2D845-2945-4D56-B851-E485DF1A74AC}\mpengine.dll
2010-11-08 02:19 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-08 02:19 . 2010-11-14 12:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-08 02:19 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 15:08 . 2010-10-19 15:08 0 ----a-w- c:\users\Boone\AppData\Local\Bjuwewahatewis.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 17:41 . 2010-05-26 23:33 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-11-08 3037696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2010-05-23 03:40 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip Messaging Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip Messaging Utility.lnk
backup=c:\windows\pss\UPS WorldShip Messaging Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^UPS WorldShip PLD Reminder Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\UPS WorldShip PLD Reminder Utility.lnk
backup=c:\windows\pss\UPS WorldShip PLD Reminder Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Boone^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Boone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2010-03-02 01:01 524632 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bluetooth HCI Monitor]
2006-12-07 23:50 9728 ----a-w- c:\windows\System32\HCIMNTR.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell 968 AIO Printer Fax Server]
2007-10-05 13:31 312560 ----a-w- c:\program files\Dell 968 AIO Printer\fm3032.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DELL Webcam Manager]
2007-07-27 20:43 118784 ------w- c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2009-05-21 17:13 206064 ----a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldomon.exe]
2007-10-05 13:30 455920 ----a-w- c:\program files\Dell 968 AIO Printer\dldomon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2008-02-13 23:21 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]
2008-01-18 11:40 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 19:44 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2007-10-05 13:30 410864 ----a-w- c:\program files\Dell 968 AIO Printer\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
2006-11-02 09:45 222208 ----a-w- c:\windows\System32\msconfig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
2009-01-08 13:44 70936 ----a-w- c:\users\Boone\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM05Mon.exe]
2007-08-22 05:39 36864 ----a-w- c:\windows\OEM05Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2008-10-28 03:19 128296 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-09-12 08:40 405504 ----a-w- c:\program files\Sigmatel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 22:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator]
2010-11-08 13:28 2216960 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorShield.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-11-08 13:28 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 17:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-11-07 12:26 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wallpaper Manager]
2008-03-14 19:59 1946624 ----a-w- c:\program files\Adolix\Adolix Wallpaper Changer\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4264175037-1400091774-357153482-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-05-23 12872]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-07 172032]
R4 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [x]
R4 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R4 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe [2007-10-05 595184]
R4 dldoCATSCustConnectService;dldoCATSCustConnectService;c:\windows\system32\spool\DRIVERS\W32X86\3\\dldoserv.exe [2007-10-05 99568]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-02 1029456]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-24 691696]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-24 64160]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-05-23 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-05-28 67656]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2010-11-08 142592]
S1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\DRIVERS\StarPortLite.sys [2008-08-20 93544]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2009/01/22 20:22];c:\program files\CyberLink\PowerDVD DX\000.fcl [2008-10-28 03:34 87536]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-04-07 5430272]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-04-07 157184]
S3 OEM05Afx;Provides a software interface to control audio effects of OEM005 camera.;c:\windows\system32\Drivers\OEM05Afx.sys [2007-08-22 141376]
S3 OEM05Vfx;Creative Camera OEM005 Video VFX Driver;c:\windows\system32\DRIVERS\OEM05Vfx.sys [2007-08-22 7424]
S3 OEM05Vid;Creative Camera OEM005 Driver;c:\windows\system32\DRIVERS\OEM05Vid.sys [2007-08-22 235616]
S3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\DRIVERS\livecamv.sys [2007-01-15 31616]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder

2010-11-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 01:01]

2010-11-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-11-14 12:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080326
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
FF - ProfilePath - c:\users\Boone\AppData\Roaming\Mozilla\Firefox\Profiles\8lkru1ts.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\Crawler\firefox\components\xcomm.dll
FF - component: c:\program files\Crawler\firefox\components\xshared.dll
FF - component: c:\program files\Crawler\firefox\components\xsupport.dll
FF - component: c:\program files\Crawler\firefox\components\xwsg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1970.7372\npCIDetect14.dll
FF - plugin: c:\program files\Haihaisoft Universal Player\Codec\Plugins\nppl3260.dll
FF - plugin: c:\program files\Haihaisoft Universal Player\Codec\Plugins\npqtplugin.dll
FF - plugin: c:\program files\Haihaisoft Universal Player\Codec\Plugins\nprpjplug.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbyond.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\users\Boone\Desktop\stuff\freeware\VLC\npvlc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A057A204-BACC-4D26-8087-36EE87E26986} - (no file)
MSConfigStartUp-9a128a0c - c:\windows\system32\exyftunp.dll
MSConfigStartUp-AppleSyncNotifier - c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
MSConfigStartUp-Corel Photo Downloader - c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-Intuit SyncManager - c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-MSServer - c:\windows\system32\rqRJabXP.dll
MSConfigStartUp-NA1Messenger - c:\ups\WSTD\UPSNA1Msgr.exe
MSConfigStartUp-oovoo - c:\program files\ooVoo\ooVoo.exe
MSConfigStartUp-pccguide - c:\program files\Trend Micro\Internet Security 14\pccguide.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-StartCCC - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MSConfigStartUp-Steam - c:\program files\Steam\Steam.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-16 03:11
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4264175037-1400091774-357153482-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C8333052-9D67-2B03-530D-4B5F34F38035}*]
"bbelildkmffpjpkppiacplejiklpfkfmghkn"=hex:61,61,00,00
"abelildkmffpjpkppinbcpanbhddgahefg"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-16 03:13:08
ComboFix-quarantined-files.txt 2010-11-16 09:12

Pre-Run: 84,840,435,712 bytes free
Post-Run: 85,241,769,984 bytes free

- - End Of File - - 31C553944135A3F495D5F20C1B7EBB58

#6 Bootrick

Bootrick
  • Topic Starter

  • Members
  • 16 posts

Posted 16 November 2010 - 04:21 AM

A quick test of 20 searches shows no signs of the redirection problem.

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts

Posted 16 November 2010 - 05:04 AM

Hi,

ComboFix restores the default settings while installed. Your settings will be restored when we uninstall it at the end of the cleaning.

Are your anti virus program and spyware programs up and running again?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#8 Bootrick


Posted 16 November 2010 - 06:10 AM

I don't set any of them to auto run. Haven't tried using any yet.

#9 myrti


Posted 16 November 2010 - 06:38 AM

Hi,

I would strongly encourage you to have one (and only one) anti virus program with a resident shield running at all times to prevent infections. That is much more effective than having several scanners that only remove malware once it's there.

regards myrti



#10 Bootrick


Posted 16 November 2010 - 06:39 AM

I was now able to run Spybot; it found no problems. Going to keep scanning with what else I have.

#11 Bootrick


Posted 16 November 2010 - 07:46 AM

Spyware Terminator turned up tracking cookies. These have been reinstalling themselves as long as the root problem was around. Don't know if the root problem is fixed, but I'm currently a lot better off with that TDL3 rootkit removed.

#12 myrti


Posted 16 November 2010 - 08:35 AM

Hi,

Great, I am happy to hear that :)

Please run a scan with Eset as well to check for leftovers:
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image



#13 Bootrick


Posted 16 November 2010 - 10:21 AM

Here u go. Says I have some sort of Java downloader thingy.

C:\Qoobox\Quarantine\C\Windows\system32\dpuutnoi.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\fpjcmsij.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\hiqniqok.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\hwxxiwub.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\pnutfyxe.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\uwfqiuow.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\wdafjbgo.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\ndis.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\38cf9600-6137f5c9 a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\12a49b83-55f42e7a multiple threats deleted - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7e6af119 Java/TrojanDownloader.Agent.NBK trojan deleted - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\5060c263-17165ae5 Java/TrojanDownloader.Agent.NBE trojan deleted - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4\5541aec4-26779f70 Java/TrojanDownloader.Agent.NBM trojan deleted - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\6aa23129-448f1aee a variant of Java/Exploit.Agent.NAC trojan deleted - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\74d4186a-33d84c63 multiple threats deleted - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\756b030-5845b614 a variant of Java/Exploit.Agent.NAL trojan cleaned by deleting - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\31bba1f4-270146fc Java/TrojanDownloader.Agent.NBL trojan deleted - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\59ba1574-399e0803 a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\2e0630b6-398e8dc5 multiple threats deleted - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\2d475f78-2347ca86 multiple threats deleted - quarantined
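
A triage sketch for the ESET log in the post above, added here as an example and not part of the original thread: it separates hits on copies that ComboFix had already moved into `C:\Qoobox\Quarantine` from hits in the Java deployment cache, and cross-checks the quarantined copies against files the ComboFix log reports handling. The log lines are copied from this page; the `Quarantine\<drive>\<path>.vir` mapping is inferred from the two logs here, and all function names are illustrative.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Subset of the ESET log lines from the post above, one per line pattern.
ESET_LOG = r"""
C:\Qoobox\Quarantine\C\Windows\system32\dpuutnoi.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\system32\Drivers\ndis.sys.vir Win32/Olmarik.ZC trojan cleaned - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\38cf9600-6137f5c9 a variant of Java/TrojanDownloader.OpenStream.NAU trojan deleted - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3\12a49b83-55f42e7a multiple threats deleted - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\30feb821-7e6af119 Java/TrojanDownloader.Agent.NBK trojan deleted - quarantined
C:\Users\Boone\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\6aa23129-448f1aee a variant of Java/Exploit.Agent.NAC trojan deleted - quarantined
"""

# Files the ComboFix log on this page reports deleting or disinfecting (subset).
COMBOFIX_HANDLED = [
    r"c:\windows\system32\dpuutnoi.ini",
    r"c:\windows\system32\drivers\ndis.sys",
]

# <path> [a variant of] <Platform/Name> <kind> <action>  |  <path> multiple threats <action>
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:(?:probably )?a variant of )?"
    r"(?:(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>trojan|application|virus|worm)"
    r"|(?P<multi>multiple threats))\s+"
    r"(?P<action>.+)$"
)
# Assumed layout, inferred from this page: <drive>:\Qoobox\Quarantine\<drive>\<path>.vir
QOOBOX_RE = re.compile(r"^[A-Za-z]:\\Qoobox\\Quarantine\\([A-Za-z])\\(.+)\.vir$", re.I)


@dataclass
class Detection:
    path: str
    name: Optional[str]  # None when ESET reports "multiple threats"
    kind: Optional[str]
    action: str


def parse_line(line):
    """Parse one ESET log line; return None if it does not look like a detection."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Detection(m["path"], m["name"], m["kind"], m["action"])


def location(path):
    """Classify where the flagged file sat when ESET scanned it."""
    p = path.lower()
    if re.match(r"^[a-z]:\\qoobox\\quarantine\\", p):
        return "combofix_quarantine"
    if "\\sun\\java\\deployment\\cache\\" in p:
        return "java_cache"
    return "other"


def original_path(path):
    """Map a Qoobox quarantine copy back to the (lower-cased) path it came from."""
    m = QOOBOX_RE.match(path)
    return f"{m.group(1)}:\\{m.group(2)}".lower() if m else None


def family(name):
    """Grouping heuristic: drop the trailing variant suffix (e.g. '.NEO')."""
    return name.rsplit(".", 1)[0] if name else "multiple threats"


def triage(log_text, combofix_handled):
    """Return (per-location family counts, unexplained quarantine hits, unparsed lines)."""
    handled = {p.lower() for p in combofix_handled}
    report = {"combofix_quarantine": Counter(), "java_cache": Counter(), "other": Counter()}
    unmatched, unparsed = [], []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        det = parse_line(raw)
        if det is None:
            unparsed.append(raw)
            continue
        loc = location(det.path)
        report[loc][family(det.name)] += 1
        # A quarantined copy that ComboFix's log does not account for deserves a second look.
        if loc == "combofix_quarantine" and original_path(det.path) not in handled:
            unmatched.append(det.path)
    return report, unmatched, unparsed


if __name__ == "__main__":
    report, unmatched, unparsed = triage(ESET_LOG, COMBOFIX_HANDLED)
    for loc, counts in report.items():
        print(loc, dict(counts))
    print("quarantine hits not in ComboFix log:", unmatched)
    print("unparsed lines:", unparsed)
```
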

#14 myrti


Posted 16 November 2010 - 10:43 AM

Hi,

Please empty your Java cache to remove the downloader:
Clear the Java cache:
  • Go to Start -> Control Panel.
  • In the Control Panel, double-click the Java icon.
    • The Java Control Panel appears.
  • Click Settings... under "Temporary Internet Files". The Temporary Files Settings dialog box appears.
  • Click Delete Files... The Delete Temporary Files dialog box appears.
  • Click OK on the Delete Temporary Files window.
    NOTE: This deletes all the Downloaded Applications and Applets from the cache!
  • Click OK on the Temporary Files Settings window.
  • Close the Java Control Panel.

    You can also view these instructions along with screenshots here.

Please also update your Adobe Reader:
Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:
  • Download the latest version of Adobe Reader Version 9.3. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • Once the installation is finished, open Adobe Reader and accept the warranty if prompted.
  • Click on Help and select Check for Updates.
  • A window will open and Adobe will check for Updates. If any updates are found to be available click on Download.
  • Once the update is downloaded you will get a system notification telling you so. Click on the popup to restore the window.
  • In the window that opens click Install.
  • Once the update is done click Close.
Your Adobe Reader is now up to date!



#15 Bootrick


Posted 16 November 2010 - 03:10 PM

Done and eset run again. It gave me a trojan result but I forgot to save the log. Ran it again about an hour l8r and got no hits so whatever it was didn't reinstall itself yet if it's going to.

What's next fix-it guru?



