Kaspersky Internet Security 2011 will not install



#1 hgdev

Posted 03 January 2011 - 08:07 AM

I let my kaspersky2010 subscription run out for a short while.
Shortly started getting screens created by HDDoctor spyware.
I then purchased KIS2011 to install.
The installation failed. Tried both CD installation from boxed retail and also downloading the latest off the website.
Kept getting dialog box that install failed and
that pc may be infected and to download AVPTool.
That tool would not download automatically so had to dl it manually.
Ran that tool and it found/deleted a few files. Ran it again until nothing found.
KIS2011 still would not install.
Went through the help routine with KIS-911 site helpers; they suggested it is malware.
They instructed getsysteminfo install. It installs but will not create the report;
let it run 3 hours and still nothing. Tried it on other pc and getsysteminfo completes in just minutes.
KIS2011 still would not install.
Installed/ran malwarebytes; found several items and removed (log follows below)
KIS2011 still would not install.
Installed/ran RootRepeal; log follows.

Now I am here...




///malwarebytes log///
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5446

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/2/2011 7:13:41 PM
mbam-log-2011-01-02 (19-13-41).txt

Scan type: Quick scan
Objects scanned: 194570
Time elapsed: 5 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\userinit (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rundll32.exe (Trojan.Agent) -> Value: rundll32.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{B9EC7B16-0250-EEBE-B37C-4136937A9D1D} (Trojan.ZbotR.Gen) -> Value: {B9EC7B16-0250-EEBE-B37C-4136937A9D1D} -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\how.dell\local settings\Temp\0.47582413853977346.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\msacm32.drv (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\wuasirvy.dll (Trojan.Banker) -> Quarantined and deleted successfully.
c:\documents and settings\how.dell\application data\fklgu.bat (Malware.Trace) -> Quarantined and deleted successfully.
///end malwarebytes log///




///root repeal log///
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2011/01/03 07:46
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

///end root repeal///





DDS (Ver_10-12-12.02) - NTFSx86
Run by how at 0:13:38.03 on Mon 01/03/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_15

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = localhost;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~4\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {F999A48B-1950-4D81-9971-79018F807B4B} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Sonic RecordNow!] c:\program files\scansoft\paperport\PPScheduler.exe
uRun: [PPScheduler] c:\program files\scansoft\paperport\PPScheduler.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
mRun: [DwlClient] c:\program files\common files\dell\eusw\Support.exe
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [DLCJCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCJtime.dll,_RunDLLEntry@16
mRun: [USB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [TurboHddUsb] c:\program files\turbohddusb\TurboHddUsb.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PMBVolumeWatcher] c:\program files\sony\pmb\PMBVolumeWatcher.exe
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [MMTray] c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 964\memcard.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [LWBMOUSE] c:\program files\nasdak\omnimouse driver\4.0\MOUSE32A.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IAAnotif] c:\program files\intel\intel application accelerator\iaanotif.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DMXLauncher] "c:\program files\roxio\cineplayer\DMXLauncher.exe"
mRun: [dlcjmon.exe] "c:\program files\dell photo aio printer 964\dlcjmon.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DellStatusMonitor] "c:\drivers\printer\540\StatMon.exe"
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [AmazonGSDownloaderTray] c:\program files\amazon\amazon games & software downloader\AmazonGSDownloaderTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimagehome\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\how~1.del\startm~1\programs\startup\checkf~1.lnk - c:\jts\WiseUpdt.exe
StartupFolder: c:\docume~1\how~1.del\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\powerf~1.lnk - c:\program files\powerfolder.com\powerfolder\PowerFolder.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\tradeguider_education\masterclass\masterclass.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{51fb15f4-ad27-43bc-ad4b-dd0354fb6bbd}\Icon3E5562ED7.ico
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com\ttlc
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233894000492
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {A3DB2E19-3365-43C3-B75E-AAF5C6830C39} = 4.2.2.1,4.2.2.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: GoToMyPC - c:\program files\citrix\gotomypc\G2WinLogon.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll, c:\progra~1\kasper~1\kasper~1\kloehk.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~4\office14\GROOVEEX.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\how~1.del\applic~1\mozilla\firefox\profiles\tci27sum.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/?src=aim&ncid=snsusaimc00000001
FF - component: c:\documents and settings\how.dell\application data\mozilla\firefox\profiles\tci27sum.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\how.dell\application data\mozilla\firefox\profiles\tci27sum.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FoxClocks: {d37dc5d0-431d-44e5-8c91-49419370caa1} - %profile%\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
FF - Ext: Date Picker/Calendar: {A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8} - %profile%\extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}
FF - Ext: gTranslate: {aff87fa2-a58e-4edd-b852-0a20203c1e17} - %profile%\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2011-01-03 00:01:57 -------- d-----w- c:\docume~1\how~1.del\applic~1\Malwarebytes
2011-01-03 00:01:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-03 00:01:51 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-03 00:01:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-03 00:01:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-02 05:41:36 37392 ----a-w- c:\windows\system32\drivers\05327752.sys
2011-01-02 05:41:36 315408 ----a-w- c:\windows\system32\drivers\0532775.sys
2011-01-02 05:41:36 128016 ----a-w- c:\windows\system32\drivers\05327751.sys
2011-01-01 17:49:15 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2011-01-01 15:44:25 13312 ----a-w- c:\windows\system32\drivers\vdmyoda5.sys
2010-12-31 03:50:10 37392 ----a-w- c:\windows\system32\drivers\66024482.sys
2010-12-31 03:50:10 315408 ----a-w- c:\windows\system32\drivers\6602448.sys
2010-12-31 03:50:10 128016 ----a-w- c:\windows\system32\drivers\66024481.sys
2010-12-28 04:48:28 -------- d-----w- c:\docume~1\how~1.del\locals~1\applic~1\ConduitEngine
2010-12-28 04:48:27 0 ----a-w- c:\windows\system32\ConduitEngine.tmp
2010-12-28 04:48:27 -------- d-----w- c:\program files\ConduitEngine
2010-12-28 04:47:46 -------- d-----w- c:\program files\Conduit
2010-12-28 04:47:46 -------- d-----w- c:\docume~1\how~1.del\locals~1\applic~1\Conduit
2010-12-28 04:47:44 -------- d-----w- c:\docume~1\how~1.del\locals~1\applic~1\FreeOnlineRadioPlayerRecorder
2010-12-28 04:47:42 -------- d-----w- c:\docume~1\how~1.del\applic~1\Free AVI MPEG WMV MP4 FLV Video Joiner
2010-12-28 04:47:40 -------- d-----w- c:\program files\FreeOnlineRadioPlayerRecorder
2010-12-28 04:47:27 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2010-12-28 04:21:11 -------- d-----w- c:\docume~1\how~1.del\applic~1\Torrent
2010-12-28 04:20:58 -------- d-----w- c:\program files\Torrent WMV Joiner
2010-12-28 04:19:46 -------- d-----w- C:\WMV join applications
2010-12-28 04:03:58 -------- d-----w- C:\FTV_joined
2010-12-28 04:01:10 -------- d-----w- c:\program files\Free Video Joiner
2010-12-26 05:42:57 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-12-25 19:08:30 162 --sha-r- c:\docume~1\how~1.del\applic~1\config.sys
2010-12-25 19:08:05 632481 --sha-r- c:\docume~1\how~1.del\applic~1\system32.exe
2010-12-25 16:08:43 -------- d-----w- c:\docume~1\how~1.del\locals~1\applic~1\Research In Motion
2010-12-25 14:39:25 -------- d-----w- c:\docume~1\how~1.del\applic~1\Qyafn
2010-12-25 14:39:25 -------- d-----w- c:\docume~1\how~1.del\applic~1\Iksa
2010-12-18 21:06:49 72080 ----a-w- c:\documents and settings\how.dell\g2mdlhlpx.exe
2010-12-15 20:09:39 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 20:08:29 45568 ------w- c:\windows\system32\dllcache\wab.exe
2010-12-06 14:14:02 69632 ----a-w- c:\windows\system32\mfcm80.dll
2010-12-06 14:14:02 626688 ----a-w- c:\windows\system32\msvcr80.dll
2010-12-06 14:14:02 57344 ----a-w- c:\windows\system32\mfcm80u.dll
2010-12-06 14:14:02 548864 ----a-w- c:\windows\system32\msvcp80.dll
2010-12-06 14:14:02 479232 ----a-w- c:\windows\system32\msvcm80.dll
2010-12-06 14:14:02 253952 ----a-w- c:\windows\ddedll.dll
2010-12-06 14:14:02 1093632 ----a-w- c:\windows\system32\mfc80.dll
2010-12-06 14:14:02 1079808 ----a-w- c:\windows\system32\mfc80u.dll
2010-12-06 14:14:02 106496 ----a-w- c:\windows\system32\TwsSocketClient.dll
2010-12-05 21:59:37 52080 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll
2010-12-05 21:59:29 111472 ----a-w- c:\windows\system32\gotomon.dll
2010-12-05 21:59:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\CitrixLogs
2010-12-05 21:57:42 7053264 ----a-w- c:\documents and settings\how.dell\gosetup.exe

==================== Find3M ====================

2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ------w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ------w- c:\windows\system32\win32k.sys

============= FINISH: 0:14:36.51 ===============

#2 Blade

  • Site Admin

Posted 09 January 2011 - 05:13 AM

Hello, and :welcome: to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Watch Topic. By clicking this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. :)

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the below in bold


    netsvc
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav

  • Push the Posted Image button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.

~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#3 hgdev

  • Topic Starter


Posted 10 January 2011 - 09:11 PM

Well the issue is more or less resolved, but I am following through to make absolutely sure there is nothing left.

Before it completed there was an error; I clicked Continue and the process finished.
Exception Processing Message c0000013 Parameters 75b6bf7c 4 75b6bf7c 75b6bf7c





OTL logfile created on: 1/10/2011 8:01:46 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Kaspersky virus removal tool
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 159.05 Gb Total Space | 68.22 Gb Free Space | 42.89% Space Free | Partition Type: NTFS
Drive E: | 145.44 Gb Total Space | 9.61 Gb Free Space | 6.61% Space Free | Partition Type: NTFS
Drive F: | 173.77 Gb Total Space | 5.99 Gb Free Space | 3.45% Space Free | Partition Type: NTFS
Drive G: | 982.41 Gb Total Space | 1.49 Gb Free Space | 0.15% Space Free | Partition Type: NTFS
Drive H: | 186.31 Gb Total Space | 2.80 Gb Free Space | 1.50% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 379.54 Gb Free Space | 40.74% Space Free | Partition Type: NTFS

Computer Name: DELLDESK | User Name: how | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/10 19:59:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Kaspersky virus removal tool\OTL.exe
PRC - [2011/01/10 07:15:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/09 22:02:56 | 000,321,328 | ---- | M] (BitTorrent, Inc.) -- C:\utorrent185\uTorrent.exe
PRC - [2011/01/08 23:32:18 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2010/08/25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 11:19:26 | 000,207,360 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/03/08 16:04:49 | 003,972,440 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe
PRC - [2009/12/14 22:53:55 | 003,327,488 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files\TurboHddUsb\TurboHddUsb.exe
PRC - [2009/10/20 19:34:38 | 000,207,376 | ---- | M] (Kaspersky Lab) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
PRC - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 22:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/07/25 04:23:07 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\launch4j-tmp\PowerFolder.exe
PRC - [2009/02/06 17:07:48 | 000,027,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Contacts\wlcomm.exe
PRC - [2009/01/20 22:45:00 | 000,960,536 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/01/20 22:34:36 | 000,377,232 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/01/20 22:34:26 | 000,618,936 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/01/20 22:06:10 | 004,359,280 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/07/21 16:54:34 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/05/01 23:15:46 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2007/11/27 17:13:44 | 000,385,024 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007/08/24 14:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
PRC - [2007/08/24 14:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
PRC - [2007/08/14 02:44:38 | 000,113,136 | ---- | M] () -- C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
PRC - [2007/01/01 16:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Program Files\Google\Google Talk\googletalk.exe
PRC - [2005/09/30 09:51:24 | 000,430,080 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe
PRC - [2005/08/10 09:12:14 | 000,286,720 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
PRC - [2005/07/12 16:33:02 | 000,491,520 | ---- | M] () -- C:\WINDOWS\SYSTEM32\dlcjcoms.exe
PRC - [2004/10/09 07:40:09 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\realplay.exe
PRC - [2004/10/07 12:53:20 | 000,376,832 | ---- | M] (Dell) -- C:\DRIVERS\printer\540\StatMon.exe
PRC - [2004/05/27 20:05:42 | 000,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2004/04/19 14:45:52 | 000,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2004/03/23 12:16:16 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/03/23 12:15:40 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe
PRC - [2003/10/29 02:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2003/08/06 15:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\ACS\acsd.exe
PRC - [2001/09/10 18:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/10 19:59:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Kaspersky virus removal tool\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/05/01 23:15:35 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\DOCUME~1\HOW~1.DEL\LOCALS~1\Temp\DX9\SessionLauncher.exe -- (SessionLauncher)
SRV - File not found [On_Demand | Stopped] -- C:\windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/01/08 23:32:18 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/09/25 22:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/08/05 20:54:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/20 22:34:26 | 000,618,936 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/07/21 16:53:04 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/01/29 16:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008/01/29 15:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2007/08/24 14:53:16 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2007/08/24 14:53:14 | 000,072,176 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2007/08/24 14:52:48 | 000,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe -- (RoxLiveShare10)
SRV - [2007/08/24 14:52:46 | 000,166,384 | ---- | M] (Sonic Solutions) [Auto | Running] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe -- (RoxWatch10)
SRV - [2007/08/24 14:52:38 | 001,083,888 | ---- | M] (Sonic Solutions) [On_Demand | Running] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2005/07/12 16:33:02 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\windows\System32\dlcjcoms.exe -- (dlcj_device)
SRV - [2004/03/23 12:15:40 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)
SRV - [2003/08/06 15:58:26 | 001,376,360 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)
SRV - [2001/09/10 18:08:50 | 000,032,256 | ---- | M] (C-Dilla Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANTSRV.EXE -- (C-DillaSrv)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\windows\System32\drivers\bgnr.sys -- (tpemdb)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\windows\System32\drivers\rootrepeal.sys -- (rootrepeal)
DRV - [2009/12/14 22:54:15 | 000,007,040 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FNETURPX.SYS -- (FNETURPX)
DRV - [2009/12/14 22:53:55 | 000,017,792 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\FNETTBOH.SYS -- (FNETTBOH)
DRV - [2009/11/11 16:35:34 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klif.sys -- (KLIF)
DRV - [2009/10/14 20:18:34 | 000,036,880 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\windows\system32\drivers\klbg.sys -- (klbg)
DRV - [2009/10/02 18:39:44 | 000,019,472 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klmouflt.sys -- (klmouflt)
DRV - [2009/09/14 13:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\klim5.sys -- (klim5)
DRV - [2009/09/01 14:29:50 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\kl1.sys -- (kl1)
DRV - [2009/06/06 17:39:36 | 000,971,552 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\tdrpm174.sys -- (tdrpman174) Acronis Try&Decide and Restore Points filter (build 174)
DRV - [2009/06/06 17:39:30 | 000,540,000 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/06/06 17:39:30 | 000,044,704 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV - [2009/06/06 17:39:21 | 000,134,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\snman380.sys -- (snapman380) Acronis Snapshots Manager (Build 380)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 13:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 12:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/12/24 17:37:00 | 000,138,384 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys -- (tmcomm)
DRV - [2007/08/18 02:09:04 | 000,057,328 | ---- | M] (Sonic Solutions) [File_System | Disabled | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RxFilter.sys -- (RxFilter)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mxopswd.sys -- (MXOPSWD)
DRV - [2006/12/12 10:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emAudio.sys -- (emAudio)
DRV - [2005/12/21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emDevice.sys -- (DCamUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emFilter.sys -- (FiltUSBEMPIA)
DRV - [2005/12/21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\emScan.sys -- (ScanUSBEMPIA)
DRV - [2004/10/09 07:44:00 | 000,028,352 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\windows\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2004/10/09 07:40:12 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\windows\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/08/25 10:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/05/29 17:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/05/05 21:48:40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\windows\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2004/03/23 12:13:58 | 000,467,200 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys -- (HSF_DP)
DRV - [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/11/08 13:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/09/10 18:09:46 | 000,057,392 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CDANT.SYS -- (C-Dilla)
DRV - [2001/08/17 14:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 14:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 14:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 14:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 14:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 13:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 13:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 13:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 13:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 13:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 13:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 13:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 13:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 13:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 13:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Stopped] -- C:\windows\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=desktop
IE - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.live.com/
IE - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
IE - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?src=aim&ncid=snsusaimc00000001"
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: {A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}:2.1.73
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.6.18
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.463
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.8
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/10 07:15:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/10 07:15:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2009/11/23 21:39:30 | 000,000,000 | ---D | M]

[2009/02/21 23:54:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Extensions
[2009/03/01 21:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\4nyxn3g5.default\extensions
[2009/03/01 21:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\4nyxn3g5.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/03/01 21:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\4nyxn3g5.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/03/01 21:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\4nyxn3g5.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2009/03/01 21:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\4nyxn3g5.default\extensions\bettergmail2@ginatrapani.org
[2011/01/10 01:08:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\tci27sum.default\extensions
[2010/05/01 21:59:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\tci27sum.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/14 06:05:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\tci27sum.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/12/20 04:47:18 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\tci27sum.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/09/12 17:12:54 | 000,000,000 | ---D | M] (Date Picker/Calendar) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\tci27sum.default\extensions\{A6A0B3F6-6D2D-4c55-96C1-7481BEA2EBF8}
[2011/01/10 01:08:40 | 000,000,000 | ---D | M] (gTranslate) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\tci27sum.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010/03/20 13:54:55 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\tci27sum.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2010/05/29 09:16:12 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\tci27sum.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2010/03/20 13:58:50 | 000,002,267 | ---- | M] () -- C:\Documents and Settings\how.DELL\Application Data\Mozilla\Firefox\Profiles\tci27sum.default\searchplugins\aim-search.xml
[2011/01/10 19:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/03/01 21:12:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/10/03 21:49:26 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009/03/15 21:08:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DellStatusMonitor] C:\DRIVERS\PRINTER\540\StatMon.exe (Dell)
O4 - HKLM..\Run: [DLCJCATS] C:\windows\System32\spool\DRIVERS\W32X86\3\DLCJtime.DLL ()
O4 - HKLM..\Run: [dlcjmon.exe] C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe ()
O4 - HKLM..\Run: [DwlClient] c:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 964\memcard.exe ()
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\windows\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\windows\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [TurboHddUsb] C:\Program Files\TurboHddUsb\TurboHddUsb.exe (FNet Co., Ltd.)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [USB2Check] C:\windows\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKU\S-1-5-21-2633727236-34183550-2578022322-1006..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-2633727236-34183550-2578022322-1006..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-2633727236-34183550-2578022322-1006..\Run: [Sonic RecordNow!] C:\Program Files\ScanSoft\PaperPort\PPScheduler.exe File not found
O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\windows\System32\narrator.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\windows\System32\narrator.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe (Research In Motion Limited)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerFolder.lnk = C:\Program Files\PowerFolder.com\PowerFolder\PowerFolder.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to masterclass.exe.LNK = C:\Program Files\TradeGuider_Education\masterclass\masterclass.exe (MatchWare A/S)
O4 - Startup: C:\Documents and Settings\how.DELL\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe ()
O4 - Startup: C:\Documents and Settings\how.DELL\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2633727236-34183550-2578022322-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233894000492 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\windows\system32\klogon.dll - C:\WINDOWS\SYSTEM32\klogon.dll (Kaspersky Lab)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/03/01 21:30:09 | 000,000,000 | ---D | M] - C:\Autoruns from Sysinternals -- [ NTFS ]
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{45afc8be-3289-11de-86cb-00038a000015}\Shell\AutoRun\command - "" = I:\Info.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (65315805348233216)

========== Files/Folders - Created Within 30 Days ==========

[2011/01/09 23:13:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/01/09 21:43:09 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\how.DELL\Recent
[2011/01/09 20:28:26 | 000,974,848 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc42.dll
[2011/01/09 20:28:26 | 000,954,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40.dll
[2011/01/09 20:28:26 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\mfc40u.dll
[2011/01/09 20:28:13 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\comctl32.dll
[2011/01/09 20:27:46 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\helpsvc.exe
[2011/01/09 20:27:35 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\iedvtool.dll
[2011/01/09 20:27:26 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\ndproxy.sys
[2011/01/09 20:24:35 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\dllcache\wab.exe
[2011/01/09 20:21:45 | 000,000,000 | ---D | C] -- F:\MyDocs\Paperport_install_purchased
[2011/01/09 15:07:29 | 000,000,000 | ---D | C] -- C:\downloads
[2011/01/09 14:43:24 | 000,000,000 | ---D | C] -- C:\WMV join applications
[2011/01/09 14:42:58 | 000,000,000 | ---D | C] -- C:\Kaspersky virus removal tool
[2011/01/09 14:41:43 | 000,000,000 | ---D | C] -- C:\Hydra
[2011/01/09 14:02:43 | 115,652,856 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\how.DELL\Desktop\kis2011_11.0.2.556-1781EN-US.exe
[2011/01/09 14:02:27 | 020,039,632 | ---- | C] (The GIMP Team ) -- C:\Documents and Settings\how.DELL\Desktop\gimp-2.6.10-i686-setup-1.exe
[2011/01/09 14:02:27 | 000,331,857 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\how.DELL\Desktop\GetSystemInfo.exe
[2011/01/09 14:02:26 | 004,491,768 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\how.DELL\Desktop\g2m_codec.exe
[2011/01/09 14:02:15 | 131,694,312 | ---- | C] (Research In Motion Ltd. ) -- C:\Documents and Settings\how.DELL\Desktop\9000M_PBr5.0.0_rel1385_PL5.2.0.76_A5.0.0.822_AT_amp_T.exe
[2011/01/09 13:58:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\how.DELL\Desktop\Virus Removal Tool
[2011/01/09 13:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\how.DELL\Desktop\Unused Desktop Shortcuts
[2011/01/09 13:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\how.DELL\Desktop\rsa cable vpn
[2011/01/09 13:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\how.DELL\Desktop\Remote Desktop Terminal services client XP
[2011/01/09 13:57:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\how.DELL\Desktop\Hydratrade44PLUSFullInstall
[2011/01/09 13:57:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\how.DELL\Desktop\BlackBerry USB and Modem Drivers
[2011/01/09 13:39:56 | 000,000,000 | ---D | C] -- C:\FTV_joined
[2011/01/09 13:31:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\how.DELL\Documents
[2011/01/09 13:26:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PowerFolder
[2011/01/09 00:47:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\how.DELL\Application Data\Malwarebytes
[2011/01/09 00:47:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2011/01/09 00:47:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/09 00:47:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/09 00:46:56 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2011/01/09 00:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/12/28 17:10:42 | 000,000,000 | ---D | C] -- F:\MyDocs\RSB
[2010/12/26 00:53:24 | 000,000,000 | ---D | C] -- F:\MyDocs\BlackBerry
[2004/08/25 11:22:08 | 000,151,552 | ---- | C] ( ) -- C:\windows\System32\ATIDEMGR.dll
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Documents and Settings\how.DELL\*.tmp files -> C:\Documents and Settings\how.DELL\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/10 07:16:38 | 000,000,256 | ---- | M] () -- C:\windows\System32\pool.bin
[2011/01/10 07:12:30 | 000,002,048 | --S- | M] () -- C:\windows\BOOTSTAT.DAT
[2011/01/10 01:04:39 | 000,407,104 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/01/09 21:37:14 | 000,140,800 | ---- | M] () -- C:\Documents and Settings\how.DELL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/09 21:36:37 | 000,002,206 | ---- | M] () -- C:\windows\System32\WPA.DBL
[2011/01/09 21:12:40 | 000,442,466 | ---- | M] () -- C:\windows\System32\PERFH009.DAT
[2011/01/09 21:12:40 | 000,071,732 | ---- | M] () -- C:\windows\System32\PERFC009.DAT
[2011/01/09 20:12:28 | 000,000,211 | -HS- | M] () -- C:\BOOT.INI
[2011/01/09 13:26:43 | 000,000,916 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerFolder.lnk
[2011/01/09 13:26:43 | 000,000,898 | ---- | M] () -- C:\Documents and Settings\how.DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\PowerFolder.lnk
[2011/01/09 13:26:43 | 000,000,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PowerFolder.lnk
[2011/01/09 00:47:03 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\how.DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2011/01/08 23:32:13 | 000,114,243 | ---- | M] () -- C:\windows\System32\drivers\klin.dat
[2011/01/08 23:32:13 | 000,097,859 | ---- | M] () -- C:\windows\System32\drivers\klick.dat
[2011/01/07 20:21:36 | 000,331,857 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\how.DELL\Desktop\GetSystemInfo.exe
[2011/01/02 17:47:25 | 000,001,594 | ---- | M] () -- C:\Documents and Settings\how.DELL\Desktop\KIS Shortcut to setup.exe.lnk
[2011/01/02 12:33:09 | 115,652,856 | ---- | M] (Kaspersky Lab) -- C:\Documents and Settings\how.DELL\Desktop\kis2011_11.0.2.556-1781EN-US.exe
[2010/12/28 20:24:31 | 000,002,056 | -H-- | M] () -- F:\MyDocs\Default.rdp
[2010/12/24 20:09:40 | 131,694,312 | ---- | M] (Research In Motion Ltd. ) -- C:\Documents and Settings\how.DELL\Desktop\9000M_PBr5.0.0_rel1385_PL5.2.0.76_A5.0.0.822_AT_amp_T.exe
[2010/12/21 01:00:01 | 019,985,265 | ---- | M] () -- C:\Documents and Settings\how.DELL\Desktop\vlc-1.1.5-win32.exe
[2010/12/21 00:29:45 | 000,000,381 | -H-- | M] () -- F:\MyDocs\PP11Thumbs.ptn2
[2010/12/21 00:29:41 | 000,000,660 | -H-- | M] () -- F:\MyDocs\maxdesk.ini2
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Documents and Settings\how.DELL\*.tmp files -> C:\Documents and Settings\how.DELL\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/09 20:12:22 | 000,001,941 | ---- | C] () -- C:\Documents and Settings\how.DELL\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
[2011/01/09 20:12:22 | 000,001,852 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Shortcut to masterclass.exe.LNK
[2011/01/09 20:12:22 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2011/01/09 14:04:26 | 019,985,265 | ---- | C] () -- C:\Documents and Settings\how.DELL\Desktop\vlc-1.1.5-win32.exe
[2011/01/09 14:04:25 | 019,657,194 | ---- | C] () -- C:\Documents and Settings\how.DELL\Desktop\vlc-1.1.4-win32.exe
[2011/01/09 14:03:03 | 000,000,616 | ---- | C] () -- C:\Documents and Settings\how.DELL\Desktop\NetMeeting.lnk
[2011/01/09 14:02:47 | 000,001,594 | ---- | C] () -- C:\Documents and Settings\how.DELL\Desktop\KIS Shortcut to setup.exe.lnk
[2011/01/09 14:02:28 | 008,582,044 | ---- | C] () -- C:\Documents and Settings\how.DELL\Desktop\Hydratrade44PLUSFullInstall.zip
[2011/01/09 14:02:28 | 000,377,497 | ---- | C] () -- C:\Documents and Settings\how.DELL\Desktop\hydra marcelo IMG00022-20100423-1019.jpg
[2011/01/09 14:02:28 | 000,076,514 | ---- | C] () -- C:\Documents and Settings\how.DELL\Desktop\Hydra_Layout.reg
[2011/01/09 14:02:28 | 000,000,507 | ---- | C] () -- C:\Documents and Settings\how.DELL\Desktop\Hydratrade.lnk
[2011/01/09 14:02:24 | 003,920,840 | ---- | C] () -- C:\Documents and Settings\how.DELL\Desktop\DownloadManager_1009a.exe
[2011/01/09 14:02:15 | 002,065,160 | ---- | C] () -- C:\Documents and Settings\how.DELL\Desktop\550_InvestmentIncomeExpenses.pdf
[2011/01/09 00:47:03 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\how.DELL\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/05/31 18:48:23 | 000,036,864 | R--- | C] () -- C:\windows\System32\DPPVS.dll
[2010/03/20 19:36:03 | 000,819,200 | ---- | C] () -- C:\windows\System32\xvidcore.dll
[2010/03/20 19:36:03 | 000,180,224 | ---- | C] () -- C:\windows\System32\xvidvfw.dll
[2010/03/17 18:51:05 | 000,000,043 | ---- | C] () -- C:\windows\WALLSTRT.INI
[2010/03/13 09:05:45 | 000,003,244 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2010/02/01 19:25:53 | 000,056,832 | ---- | C] () -- C:\windows\System32\Iyvu9_32.dll
[2010/01/28 22:13:37 | 000,000,420 | ---- | C] () -- C:\windows\_delis32.ini
[2010/01/20 00:10:52 | 000,000,023 | ---- | C] () -- C:\windows\pgplus.ini
[2009/11/20 19:44:08 | 000,000,036 | ---- | C] () -- C:\windows\rasqervy.dll
[2009/11/20 19:44:05 | 000,000,007 | ---- | C] () -- C:\windows\sdfinacs.dll
[2009/11/18 23:09:04 | 000,000,005 | ---- | C] () -- C:\windows\sdfixwcs.dll
[2009/08/27 23:13:15 | 000,000,018 | ---- | C] () -- C:\Program Files\UseDop.ini
[2009/08/25 23:24:10 | 000,000,018 | ---- | C] () -- C:\windows\DirSelUseDop.ini
[2009/08/25 23:22:21 | 000,004,608 | ---- | C] () -- C:\windows\System32\4KV0Y5.DLL
[2009/08/25 23:21:09 | 000,389,120 | ---- | C] () -- C:\windows\System32\MetaLib.dll
[2009/08/11 22:10:46 | 000,000,052 | ---- | C] () -- C:\windows\WinSig.ini
[2009/08/09 11:54:43 | 000,000,000 | ---- | C] () -- C:\windows\Textart.INI
[2009/08/09 11:47:44 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\how.DELL\Application Data\PFP120JPR.{PB
[2009/08/09 11:47:44 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\how.DELL\Application Data\PFP120JCM.{PB
[2009/08/05 20:33:31 | 000,111,724 | ---- | C] () -- C:\Documents and Settings\how.DELL\Local Settings\Application Data\rx_audio.Cache
[2009/07/04 21:34:52 | 000,020,992 | ---- | C] () -- C:\windows\jestertb.dll
[2009/05/10 23:49:33 | 000,000,176 | ---- | C] () -- C:\windows\bi_group.ini
[2009/05/04 20:03:34 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\how.DELL\Application Data\DMX.bmk
[2009/05/03 22:37:31 | 000,000,042 | ---- | C] () -- C:\windows\ib.ini
[2009/05/03 22:37:28 | 000,026,624 | ---- | C] () -- C:\windows\GetIe.dll
[2009/04/29 22:55:55 | 001,462,572 | ---- | C] () -- C:\Documents and Settings\how.DELL\Local Settings\Application Data\rx_image.Cache
[2009/04/21 20:47:26 | 000,215,144 | ---- | C] () -- C:\windows\patchw32.dll
[2009/04/21 20:43:48 | 000,215,144 | ---- | C] () -- C:\windows\pw32a.dll
[2009/04/12 15:00:11 | 000,000,165 | ---- | C] () -- C:\windows\QUICKEN.INI
[2009/04/05 13:17:39 | 000,000,021 | ---- | C] () -- C:\windows\PI4_setup.ini
[2009/03/01 21:50:56 | 000,019,272 | ---- | C] () -- C:\Documents and Settings\how.DELL\Local Settings\Application Data\FASTWiz.html
[2009/02/22 00:03:47 | 000,003,538 | ---- | C] () -- C:\windows\newsbot.ini
[2009/02/08 15:35:04 | 000,961,361 | ---- | C] () -- C:\Documents and Settings\how.DELL\Local Settings\Application Data\FASTWiz.log
[2008/09/08 19:16:03 | 000,140,800 | ---- | C] () -- C:\Documents and Settings\how.DELL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/09/08 18:27:04 | 000,000,002 | ---- | C] () -- C:\windows\msoffice.ini
[2008/09/08 18:06:37 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\how.DELL\Local Settings\Application Data\fusioncache.dat
[2008/05/08 07:19:06 | 000,002,401 | ---- | C] () -- C:\windows\System32\drivers\AlKernel.sys
[2007/08/21 05:22:58 | 000,000,000 | ---- | C] () -- C:\windows\System32\px.ini
[2005/09/01 08:18:20 | 000,106,496 | ---- | C] () -- C:\windows\System32\dlcjinsr.dll
[2005/09/01 08:18:14 | 000,036,864 | ---- | C] () -- C:\windows\System32\dlcjcur.dll
[2005/09/01 08:18:00 | 000,131,072 | ---- | C] () -- C:\windows\System32\dlcjjswr.dll
[2005/09/01 08:17:18 | 000,176,128 | ---- | C] () -- C:\windows\System32\dlcjinsb.dll
[2005/09/01 08:17:14 | 000,086,016 | ---- | C] () -- C:\windows\System32\dlcjcub.dll
[2005/09/01 08:17:08 | 000,073,728 | ---- | C] () -- C:\windows\System32\dlcjcu.dll
[2005/09/01 08:17:06 | 000,155,648 | ---- | C] () -- C:\windows\System32\dlcjins.dll
[2005/09/01 08:15:50 | 000,430,080 | ---- | C] () -- C:\windows\System32\dlcjutil.dll
[2005/07/22 10:54:58 | 000,040,960 | ---- | C] () -- C:\windows\System32\dlcjvs.dll
[2005/07/12 16:37:04 | 000,630,784 | ---- | C] () -- C:\windows\System32\dlcjpmui.dll
[2005/07/12 16:36:12 | 001,183,744 | ---- | C] () -- C:\windows\System32\dlcjserv.dll
[2005/07/12 16:34:22 | 000,491,520 | ---- | C] () -- C:\windows\System32\dlcjlmpm.dll
[2005/07/12 16:34:06 | 000,413,696 | ---- | C] () -- C:\windows\System32\dlcjcomm.dll
[2005/07/12 16:33:08 | 000,114,688 | ---- | C] () -- C:\windows\System32\dlcjpplc.dll
[2005/07/12 16:32:40 | 000,704,512 | ---- | C] () -- C:\windows\System32\dlcjcomc.dll
[2005/07/12 16:32:20 | 000,155,648 | ---- | C] () -- C:\windows\System32\dlcjprox.dll
[2005/07/12 16:29:46 | 001,122,304 | ---- | C] () -- C:\windows\System32\dlcjusb1.dll
[2005/07/12 16:28:22 | 000,770,048 | ---- | C] () -- C:\windows\System32\dlcjhbn3.dll
[2005/06/01 11:53:38 | 000,069,632 | ---- | C] () -- C:\windows\System32\dlcjcfg.dll
[2004/10/09 07:46:40 | 000,000,061 | ---- | C] () -- C:\windows\smscfg.ini
[2004/10/09 07:39:34 | 000,000,138 | ---- | C] () -- C:\windows\wininit.ini
[2004/10/09 07:16:28 | 000,000,517 | ---- | C] () -- C:\windows\System32\OEMINFO.INI
[2004/08/10 13:13:12 | 000,000,832 | ---- | C] () -- C:\windows\ORUN32.INI
[2004/08/10 13:03:52 | 000,004,161 | ---- | C] () -- C:\windows\ODBCINST.INI
[2004/08/04 05:00:00 | 000,001,793 | ---- | C] () -- C:\windows\System32\FXSPERF.INI
[1980/01/01 00:00:00 | 000,086,016 | ---- | C] () -- C:\windows\System32\ati2evxx.dll

========== LOP Check ==========

[2009/06/06 17:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2010/03/20 13:53:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/03/20 13:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/03/21 22:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2009/10/03 13:39:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/12/14 22:54:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FNET
[2009/03/01 21:07:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/04/18 14:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
[2009/12/20 17:05:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2009/03/01 21:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mindjet
[2009/03/01 21:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2009/10/26 09:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2009/08/05 22:29:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/01/09 23:11:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/03/28 22:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/05/02 08:29:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2004/10/09 07:40:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/04/21 22:16:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/11/07 13:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/29 22:02:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010/05/06 20:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\PowerFolder
[2010/05/06 20:39:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Research In Motion
[2009/07/12 22:39:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\.metamorphose
[2010/03/20 13:56:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\acccore
[2009/06/07 14:49:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\Acronis
[2010/04/18 08:37:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\Blackberry Desktop
[2009/03/01 21:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\COWON
[2011/01/09 00:06:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\HouseCall 6.6
[2009/05/23 15:10:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\JAM Software
[2009/03/01 21:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\Jarte
[2008/09/08 18:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\Leadertech
[2009/06/18 20:19:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\MPEG Streamclip
[2009/03/01 21:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\NCH Swift Sound
[2009/08/21 21:01:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\OpenOffice.org
[2009/03/01 21:30:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\pdf995
[2011/01/10 07:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\PowerFolder
[2010/01/28 22:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\Research In Motion
[2009/03/01 21:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\Template
[2009/03/01 21:30:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\Thunderbird
[2010/01/27 21:02:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\TradeStation Technologies
[2011/01/10 00:25:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\uTorrent
[2009/03/22 20:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\how.DELL\Application Data\Zeon
[2010/05/12 22:35:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\howardg\Application Data\PowerFolder
[2010/04/09 06:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\howardg\Application Data\Research In Motion
[2008/08/30 18:49:37 | 000,000,258 | ---- | M] () -- C:\windows\Tasks\ISP signup reminder 1.job

========== Purity Check ==========



========== Custom Scans ==========


< netsvc >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:AGP440.sys
[2009/02/05 23:36:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:AGP440.sys
[2009/02/05 23:36:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\I386\AGP440.SYS
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp2.cab:atapi.sys
[2009/02/05 23:36:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\I386\sp3.cab:atapi.sys
[2009/02/05 23:36:42 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0012\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\I386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\I386\EVENTLOG.DLL

< MD5 for: IASTOR.SYS >
[2004/03/23 12:13:58 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\DRIVERS\STORAGE\SATA\ONBOARD\IASTOR.SYS
[2004/03/23 12:13:58 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\I386\iaStor.sys
[2004/03/23 12:13:58 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\SYSTEM32\DRIVERS\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\I386\NETLOGON.DLL
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\I386\SCECLI.DLL
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 19:11:53 | 000,380,445 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\expsrv.dll
[2010/11/05 19:26:57 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\iepeers.dll
[2004/08/04 05:00:00 | 001,355,776 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\MSVBVM50.DLL
[2008/04/13 19:12:00 | 001,384,479 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\SYSTEM32\msvbvm60.dll
[2 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/10 12:56:48 | 000,094,208 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.SAV
[2004/08/10 12:56:46 | 000,634,880 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.SAV
[2004/08/10 12:56:46 | 000,872,448 | ---- | M] () -- C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.SAV

< End of report >

OTL Extras logfile created on: 1/10/2011 8:01:46 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Kaspersky virus removal tool
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 159.05 Gb Total Space | 68.22 Gb Free Space | 42.89% Space Free | Partition Type: NTFS
Drive E: | 145.44 Gb Total Space | 9.61 Gb Free Space | 6.61% Space Free | Partition Type: NTFS
Drive F: | 173.77 Gb Total Space | 5.99 Gb Free Space | 3.45% Space Free | Partition Type: NTFS
Drive G: | 982.41 Gb Total Space | 1.49 Gb Free Space | 0.15% Space Free | Partition Type: NTFS
Drive H: | 186.31 Gb Total Space | 2.80 Gb Free Space | 1.50% Space Free | Partition Type: NTFS
Drive K: | 931.51 Gb Total Space | 379.54 Gb Free Space | 40.74% Space Free | Partition Type: NTFS

Computer Name: DELLDESK | User Name: how | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2633727236-34183550-2578022322-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [PowerFolder] -- C:\Program Files\PowerFolder.com\PowerFolder\PowerFolder.exe -p "%1" ()
Directory [Rename with Métamorphose] -- C:\Program Files\metamorphose\metamorphose.exe %L (Ianaré Sévi)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"135:TCP" = 135:TCP:*:Enabled:TCP Port 135
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"5000:TCP" = 5000:TCP:*:Enabled:TCP Port 5000
"5001:TCP" = 5001:TCP:*:Enabled:TCP Port 5001
"5002:TCP" = 5002:TCP:*:Enabled:TCP Port 5002
"5003:TCP" = 5003:TCP:*:Enabled:TCP Port 5003
"5004:TCP" = 5004:TCP:*:Enabled:TCP Port 5004
"5005:TCP" = 5005:TCP:*:Enabled:TCP Port 5005
"5006:TCP" = 5006:TCP:*:Enabled:TCP Port 5006
"5007:TCP" = 5007:TCP:*:Enabled:TCP Port 5007
"5008:TCP" = 5008:TCP:*:Enabled:TCP Port 5008
"5009:TCP" = 5009:TCP:*:Enabled:TCP Port 5009
"5010:TCP" = 5010:TCP:*:Enabled:TCP Port 5010
"5011:TCP" = 5011:TCP:*:Enabled:TCP Port 5011
"5012:TCP" = 5012:TCP:*:Enabled:TCP Port 5012
"5013:TCP" = 5013:TCP:*:Enabled:TCP Port 5013
"5014:TCP" = 5014:TCP:*:Enabled:TCP Port 5014
"5015:TCP" = 5015:TCP:*:Enabled:TCP Port 5015
"5016:TCP" = 5016:TCP:*:Enabled:TCP Port 5016
"5017:TCP" = 5017:TCP:*:Enabled:TCP Port 5017
"5018:TCP" = 5018:TCP:*:Enabled:TCP Port 5018
"5019:TCP" = 5019:TCP:*:Enabled:TCP Port 5019
"5020:TCP" = 5020:TCP:*:Enabled:TCP Port 5020
"56718:TCP" = 56718:TCP:*:Enabled:Pando P2P TCP Listening Port
"56718:UDP" = 56718:UDP:*:Enabled:Pando P2P UDP Listening Port
"4818:TCP" = 4818:TCP:*:Enabled:PowerFolder
"1223:TCP" = 1223:TCP:*:Enabled:PowerFolder
"1337:TCP" = 1337:TCP:*:Enabled:PowerFolder

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe" = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe:*:Enabled:BackWeb-1940576 -- File not found
"C:\Program Files\Dell Photo AIO Printer 964\dlcjaiox.exe" = C:\Program Files\Dell Photo AIO Printer 964\dlcjaiox.exe:*:Enabled:All In One Center -- ()
"C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe" = C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe:*:Enabled:Device Monitor -- (Dell)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- File not found
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\Pando Networks\Pando\pando.exe" = C:\Program Files\Pando Networks\Pando\pando.exe:*:Enabled:Pando Application -- File not found
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- File not found
"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- File not found
"C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\Google\Google Talk\googletalk.exe" = C:\Program Files\Google\Google Talk\googletalk.exe:*:Enabled:Google Talk -- (Google)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\windows\Explorer.EXE" = C:\windows\Explorer.EXE:*:Enabled:enable -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\dlcjcoms.exe" = C:\WINDOWS\SYSTEM32\dlcjcoms.exe:*:Enabled:Dell 964 Server -- ()
"C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dlcjpswx.exe" = C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\dlcjpswx.exe:*:Enabled:Dell 964 Printer Status -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\utorrent185\uTorrent.exe" = C:\utorrent185\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D63EA85-561C-440E-BFA5-D3139CC6D9E6}" = TradeStation 8.7 (Build 3085)
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B683082-8791-4D00-8ADE-6C8986FCCC68}" = Roxio CinePlayer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 15
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java™ 6 Update 13
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{38C90344-B814-480C-B2D3-0773F0F5DBD5}" = Rosetta Stone
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E67A8DA-FE7B-4160-8465-F5571EA18753}" = Roxio Disc Gallery
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4C47B4C3-A19F-49A7-A99C-A61D26965808}" = Dell Photo Printer 540
"{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{63C98752-1B7D-4C8F-8C70-0B0A29D5ECBF}" = ArcSoft MediaConverter 2.5
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CB1E63B-C999-4D17-8133-E138F41D9ECF}" = BlackBerry Desktop Software 4.6
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{8789BFEB-1EF9-4BF4-BFAB-60C25F8B2677}" = GEAR ISO Burn
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Application Accelerator
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98E46006-B8C6-4540-BB7A-8D28DA0F82B0}" = Tim Ord Volume Charts
"{9A9A1828-31D1-4590-A99F-022B7237AFAE}" = Roxio MediaShare
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A066194B-DC8F-449A-8E0F-B57BDD3A2072}" = SyncToy 2.1 (x86)
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AA1D980C-893E-4D39-A7D8-663B01228E57}" = Knight Direct
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB4A272A-BB63-4EF5-AA27-700E34B56DE6}" = ArcSoft PhotoImpression
"{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}" = Roxio Easy Media Creator 10 Suite
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1212AE3-DBB9-4365-8473-F8ABC7B06BBB}" = Pinnacle Instant DVD Recorder
"{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}" = TurboTax 2008 wnyiper
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Picture Package Music Transfer
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D3A80508-CD83-4CA3-8671-914A1BC78B61}" = Microsoft Sync Framework 2.0 Provider Services (x86) ENU
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E42E14F4-D4BB-4C3E-88DE-CB79A1C003DA}" = MLDownloader
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{F6377647-81AF-41C0-BC7E-06CF37E204AB}" = Roxio Media Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FF63121D-91C6-42CC-B341-F1AA729728E7}" = Microsoft Sync Framework 2.0 Core Components (x86) ENU
"ACDSee95v1" = ACDSee for Windows '95 (uninstall)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"Alaris Trader version 7.0_is1" = Alaris Trader version 7.0
"ATI Display Driver" = ATI Display Driver
"BlackBerry_{7CB1E63B-C999-4D17-8133-E138F41D9ECF}" = BlackBerry Desktop Software 4.6
"CCleaner" = CCleaner (remove only)
"Chart Reading MasterClass" = Chart Reading MasterClass
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"Dell Photo AIO Printer 964" = Dell Photo AIO Printer 964
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"eMule" = eMule
"Flash Movie Player" = Flash Movie Player 1.5
"FLV Player" = FLV Player 2.0 (build 25)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Indeo® software" = Indeo® software
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"InstallShield_{231A1A09-FDF2-45F2-B3D1-964CECE372BC}" = Seagate Manager Installer
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{2E086814-7392-4E0F-ADB8-54A81E47406C}" = Broadcom Advanced Control Suite 2
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{4C47B4C3-A19F-49A7-A99C-A61D26965808}" = Dell Photo Printer 540
"InstallShield_{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"IrfanView" = IrfanView (remove only)
"Karen's Directory Printer" = Karen's Directory Printer
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"LMS" = C-Dilla Licence Management System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mobile Media Converter_is1" = MIKSOFT Mobile Media Converter
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PowerFolder" = PowerFolder
"Prism" = Prism Video Converter
"RealPlayer 6.0" = RealPlayer Basic
"SBJV_is1" = SBJV v4.0
"SBNews: News Robot_is1" = SBNews: News Robot v 10.4
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Trade Guider RT V3_is1" = Trade Guider RT V3
"TradeGuider Live" = TradeGuider Live
"Trader Workstation 4.0" = Trader Workstation 4.0
"TreeSize Free_is1" = TreeSize Free V2.3
"TurboHddUsb" = TurboHddUsb
"TurboTax 2008" = TurboTax 2008
"Unlocker" = Unlocker 1.8.7
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"XviD4PSP60" = XviD4PSP 6.0
"ZDSV" = ZD Soft Screen Video Decoder

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2633727236-34183550-2578022322-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Trader Workstation" = Trader Workstation
"TWS Beta (Build 8940)" = TWS Beta (Build 8940)
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/5/2010 4:44:01 PM | Computer Name = DELLDESK | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041F

Error - 6/5/2010 5:01:19 PM | Computer Name = DELLDESK | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041F

Error - 6/5/2010 5:17:31 PM | Computer Name = DELLDESK | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041F

Error - 6/5/2010 5:35:50 PM | Computer Name = DELLDESK | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041F

Error - 6/5/2010 5:53:23 PM | Computer Name = DELLDESK | Source = Automatic LiveUpdate Scheduler | ID = 101
Description = Information Level: error Initialization of the COM subsystem failed.
Error code: 0x8007041F

Error - 1/8/2011 11:32:41 PM | Computer Name = DELLDESK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/8/2011 11:32:42 PM | Computer Name = DELLDESK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/8/2011 11:46:07 PM | Computer Name = DELLDESK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/8/2011 11:46:07 PM | Computer Name = DELLDESK | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.

Error - 1/9/2011 1:27:09 PM | Computer Name = DELLDESK | Source = MsiInstaller | ID = 11306
Description = Product: Jasc Paint Shop Photo Album -- Error 1306.Another application
has exclusive access to the file C:\Program Files\Jasc Software Inc\Paint Shop
Photo Album\asul.dat. Please shut down all other applications, then click Retry.

[ System Events ]
Error - 1/10/2011 12:14:08 AM | Computer Name = DELLDESK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/10/2011 12:14:08 AM | Computer Name = DELLDESK | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 1/10/2011 2:05:53 AM | Computer Name = DELLDESK | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 1/10/2011 2:05:53 AM | Computer Name = DELLDESK | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 1/10/2011 2:07:19 AM | Computer Name = DELLDESK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 1/10/2011 2:07:31 AM | Computer Name = DELLDESK | Source = System Error | ID = 1003
Description = Error code 1000008e, parameter1 c0000006, parameter2 bf8c2ce4, parameter3
b799d8f8, parameter4 00000000.

Error - 1/10/2011 2:48:14 AM | Computer Name = DELLDESK | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 1/10/2011 8:13:23 AM | Computer Name = DELLDESK | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 1/10/2011 8:13:23 AM | Computer Name = DELLDESK | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%3

Error - 1/10/2011 8:14:47 AM | Computer Name = DELLDESK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >

#4 Blade


Posted 12 January 2011 - 05:49 PM

Well the issue is more or less resolved


Just to be clear, you are no longer experiencing any symptoms?


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#5 Blade


Posted 18 January 2011 - 05:50 AM

Since this issue appears to be resolved ... this Topic has been closed.

~Blade
