TR/Kazy.5759.1 [trojan] and TR/Kazy.5759 [trojan] found on my system!


  • This topic is locked
18 replies to this topic

#1 dcole

  • Members
  • 9 posts

Posted 07 January 2011 - 02:46 AM

A couple months ago, I downloaded a software recently called "CardRunnersEV calculator" (purchased at Cardrunners-ev-calculator.com) which is a complex calculator used for poker analysis. I thought the author of the software was trustworthy, but I recently had problems with the software slowing down and not working properly (the rest of the system was fine though). So, I contacted the author and he said to make an exception for some of the .exe files in the program's directory. That didn't work, so he suggested that there must be a conflict with my antivirus software. So I uninstalled Trend Micro Titanium and installed Avira. A couple days after installing Avira (yesterday), Avira alerted me that malware was found in 2 of the .exe files from this software. I then quarantined the files. About an hour later, Avira alerted me that they found 2 instances of adware in a Xvidsetup file, so I also quarantined those. I also went through my files and deleted every instance of the CardrunnersEV program.

I'm not computer savvy and so I wanted to make sure that I in fact removed this trojan properly. It also might be important to note that I contacted the author of CardrunnersEV and he claims that, quote, "there was a temporary problem that caused version 2.6.2 to generate a false positive, which I've resolved within 24 hours by releasing version 2.6.3." Now since I don't know much about all this stuff, I have no way of knowing if he is just giving me a bogus excuse as to why there is a trojan in his program.

The results of DDS are as follows:


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by DOMINICK at 0:26:28.32 on Fri 01/07/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3839.1994 [GMT -7:00]

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Outdated* {3A033352-45FD-579C-DF47-2D2DA7A56A3D}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Outdated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\DOMINICK\AppData\Roaming\Mikogo\Mikogo-Host.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUI.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\splwow64.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\PokerTracker 3\PokerTracker.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PokerTracker 3\PokerTrackerHud.exe
C:\Users\DOMINICK\Downloads\HijackThis.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\DOMINICK\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360910z606p0465v145r46k1s291
mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360910z606p0465v145r46k1s291
mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360910z606p0465v145r46k1s291
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Mikogo] "C:\Users\DOMINICK\AppData\Roaming\Mikogo\Mikogo-Host.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
mRun: [MaxMenuMgr] "C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [SpySweeper] "C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
mRunOnce: [InnoSetupRegFile.0000000001] "C:\Windows\is-LBGCB.exe" /REG
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: bankofamerica.com
Trusted Zone: cox.net\webmail
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon

================= FIREFOX ===================

FF - ProfilePath - C:\Users\DOMINICK\AppData\Roaming\Mozilla\Firefox\Profiles\oozb7kqp.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

============= SERVICES / DRIVERS ===============

R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2010-9-27 401920]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-1-1 135336]
R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-1-1 267944]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2011-1-1 83120]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2010-4-14 243232]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S0 ssfs0bbc;ssfs0bbc;C:\Windows\System32\drivers\ssfs0bbc.sys [2009-11-6 37488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-24 135664]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [2009-11-6 4048240]
S2 WRConsumerService;Webroot Client Service;C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe [2011-1-7 1201640]
S3 B-Service;B-Service;C:\Users\DOMINICK\AppData\Roaming\Mikogo\B-Service.exe [2010-10-23 185640]
S3 rcmirror;rcmirror;C:\Windows\System32\drivers\rcmirror.sys [2010-1-18 4608]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-24 1255736]

=============== Created Last 30 ================

2011-01-07 07:15:44 775168 ----a-w- C:\Windows\is-LBGCB.exe
2011-01-07 07:15:32 -------- d-----w- C:\Program Files (x86)\MSSOAP
2011-01-07 07:15:32 -------- d-----w- C:\Program Files (x86)\Common Files\MSSoap
2011-01-07 07:15:22 1563008 ----a-w- C:\Windows\WRSetup.dll
2011-01-07 07:15:22 -------- d-----w- C:\Users\DOMINICK\AppData\Roaming\Webroot
2011-01-07 07:15:22 -------- d-----w- C:\Program Files (x86)\Webroot
2011-01-07 07:15:22 -------- d-----w- C:\PROGRA~3\Webroot
2011-01-02 06:25:47 -------- d-----w- C:\Users\DOMINICK\AppData\Roaming\Avira
2011-01-02 06:11:06 83120 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2011-01-02 06:11:06 -------- d-----w- C:\Program Files (x86)\Avira
2011-01-02 06:11:06 -------- d-----w- C:\PROGRA~3\Avira
2010-12-28 10:00:39 -------- d-----w- C:\Users\DOMINICK\AppData\Local\Secunia PSI
2010-12-28 10:00:31 -------- d-----w- C:\Program Files (x86)\Secunia
2010-12-28 09:20:19 -------- d-----w- C:\Users\DOMINICK\AppData\Roaming\Malwarebytes
2010-12-28 09:20:14 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-28 09:20:13 -------- d-----w- C:\PROGRA~3\Malwarebytes
2010-12-28 09:20:10 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-28 09:20:10 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-12-28 08:52:31 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2010-12-28 08:44:39 -------- d-----w- C:\NVIDIA
2010-12-28 08:19:30 -------- d-----w- C:\PROGRA~3\Comodo
2010-12-28 08:19:22 -------- d-----w- C:\Program Files\COMODO
2010-12-28 08:19:21 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2010-12-22 06:33:34 -------- d-----w- C:\Users\DOMINICK\AppData\Local\Combonator
2010-12-22 06:33:18 -------- d-----w- C:\Program Files (x86)\Combonator
2010-12-18 00:46:33 -------- d-----w- C:\Users\DOMINICK\.matplotlib
2010-12-18 00:46:32 -------- d-----w- C:\Users\DOMINICK\AppData\Local\Slice
2010-12-18 00:45:51 -------- d-----w- C:\Program Files (x86)\evplusplus
2010-12-11 18:06:18 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2010-12-10 08:00:36 539968 ----a-w- C:\PROGRA~3\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

==================== Find3M ====================

2010-12-28 07:35:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-11-30 00:38:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2010-11-21 02:05:45 0 ----a-w- C:\Windows\SysWow64\ConduitEngine.tmp
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

============= FINISH: 0:27:00.60 ===============


#2 Dakeyras

    Anti-Malware Mammoth


  • Malware Response Team
  • 368 posts

Posted 12 January 2011 - 09:15 AM

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome to Bleeping Computer. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

  • I will start working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to Notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Windows 7 Advice:

All applications I ask to be used will need to be run in Administrator mode, i.e. right-click on the application and select Run as Administrator.

The Operating System in use comes with an inbuilt utility called User Access Control (UAC). When prompted by this for anything I ask you to carry out, please select the option Allow.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Security Application Check:

Please download and save SecurityCheck.exe to your Desktop from one of the links below.

Link 1
Link 2

  • Right-click SecurityCheck.exe and select Run as Administrator then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document in your next reply.

Scan with OTL:

Please download OTL and save it to your Desktop.

Alternate downloads are here and here.

  • Right-click on OTL.exe and select Run as Administrator to start OTL.
  • Ensure Include 64bit Scans is selected.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • SecurityCheck Log.
  • Both OTL logs. <-- Post them individually please, i.e. one log per post/reply.


#3 dcole

  • Topic Starter

  • Members
  • 9 posts

Posted 12 January 2011 - 07:42 PM

My computer is performing great and I have no apparent symptoms. There never were any symptoms; only my antivirus software alerting me of the trojan in the CardrunnersEV_T.exe and CardrunnersEV_C.exe files. And as I said before, the author of the program insists that there was never a trojan in the program, only that a mistake made by him caused a "false positive" to take place, thereby creating some of the same patterns as a trojan.

I will post the logs in separate replies in the following order:

1) SecurityCheck
2) OTL.txt
3) Extras.txt

Results of screen317's Security Check version 0.99.8
Windows 7 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Avira AntiVir Personal - Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 23
Adobe Flash Player 10.1.102.64
Adobe Reader 9.4.1 MUI
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.13)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe
``````````End of Log````````````

OTL logfile created on: 1/12/2011 5:34:25 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\DOMINICK\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.66 Gb Total Space | 239.35 Gb Free Space | 53.47% Space Free | Partition Type: NTFS

Computer Name: DOMINICK-PC | User Name: DOMINICK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\DOMINICK\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Full Tilt Poker\FullTiltPoker.exe ()
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\PokerTracker 3\PokerTrackerHud.exe (PokerTracker Software, LLC.)
PRC - C:\Program Files (x86)\PokerTracker 3\PokerTracker.exe (PokerTracker Software, LLC.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Users\DOMINICK\AppData\Roaming\Mikogo\Mikogo-Host.exe (Mikogo)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
PRC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe (PostgreSQL Global Development Group)
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com))
PRC - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
PRC - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\DOMINICK\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WRConsumerService) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (B-Service) -- C:\Users\DOMINICK\AppData\Roaming\Mikogo\B-Service.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (FreeAgentGoNext Service) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (pgsql-8.3) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group)
SRV - (WebrootSpySweeperService) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))
SRV - (Amazon Download Agent) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)
SRV - (GameConsoleService) -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\drivers\rcmirror.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (ssidrv) -- C:\Windows\SysNative\drivers\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))
DRV:64bit: - (ssfs0bbc) -- C:\Windows\SysNative\drivers\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (AGERESoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360910z606p0465v145r46k1s291
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360910z606p0465v145r46k1s291
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360910z606p0465v145r46k1s291
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360910z606p0465v145r46k1s291


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-54446515-174391785-3553096299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360910z606p0465v145r46k1s291
IE - HKU\S-1-5-21-54446515-174391785-3553096299-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-54446515-174391785-3553096299-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-54446515-174391785-3553096299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-54446515-174391785-3553096299-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/15 13:25:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/15 13:25:02 | 000,000,000 | ---D | M]

[2010/09/28 18:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMINICK\AppData\Roaming\Mozilla\Extensions
[2011/01/12 08:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMINICK\AppData\Roaming\Mozilla\Firefox\Profiles\oozb7kqp.default\extensions
[2011/01/05 21:27:16 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\DOMINICK\AppData\Roaming\Mozilla\Firefox\Profiles\oozb7kqp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/01/12 08:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/23 15:29:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/12/28 00:37:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2010/12/28 00:36:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2011/01/07 00:55:04 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-54446515-174391785-3553096299-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-54446515-174391785-3553096299-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-54446515-174391785-3553096299-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [SpySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-54446515-174391785-3553096299-1000..\Run: [Mikogo] C:\Users\DOMINICK\AppData\Roaming\Mikogo\Mikogo-Host.exe (Mikogo)
O4 - HKU\S-1-5-21-54446515-174391785-3553096299-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-54446515-174391785-3553096299-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-54446515-174391785-3553096299-1003..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-54446515-174391785-3553096299-1003..\RunOnce: [ScrSav] C:\Program Files (x86)\eMachines\Screensaver\run_eMachines.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-54446515-174391785-3553096299-1000\..Trusted Domains: bankofamerica.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-54446515-174391785-3553096299-1000\..Trusted Domains: cox.net ([webmail] https in Trusted sites)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/11 11:03:37 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011/01/11 11:03:37 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011/01/11 11:03:36 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011/01/11 11:03:36 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011/01/11 11:03:36 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011/01/11 11:03:36 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011/01/11 11:03:36 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/01/11 11:03:36 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/01/11 11:03:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/01/11 11:03:35 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011/01/11 11:03:35 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011/01/11 11:03:35 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011/01/11 11:03:35 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/01/11 11:03:35 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011/01/11 11:03:35 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011/01/11 11:03:35 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011/01/11 11:03:35 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011/01/11 11:03:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011/01/11 11:03:34 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011/01/11 11:03:34 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011/01/11 11:03:30 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/01/11 11:03:29 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/01/07 00:15:44 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2011/01/07 00:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2011/01/07 00:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP
[2011/01/07 00:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2011/01/07 00:15:22 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2011/01/07 00:15:22 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\AppData\Roaming\Webroot
[2011/01/07 00:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2011/01/07 00:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2011/01/01 23:25:47 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\AppData\Roaming\Avira
[2011/01/01 23:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011/01/01 23:11:06 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011/01/01 23:11:06 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011/01/01 23:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/01/01 23:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/12/28 03:00:39 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\AppData\Local\Secunia PSI
[2010/12/28 03:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2010/12/28 02:51:31 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\Documents\COMPUTER
[2010/12/28 02:20:19 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\AppData\Roaming\Malwarebytes
[2010/12/28 02:20:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/28 02:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2010/12/28 02:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/12/28 02:20:10 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/28 02:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/12/28 01:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2010/12/28 01:44:39 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/12/28 01:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2010/12/28 01:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/12/28 01:19:21 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2010/12/28 00:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010/12/28 00:36:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/12/28 00:36:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/12/28 00:36:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/12/21 23:33:34 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\AppData\Local\Combonator
[2010/12/21 23:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combonator
[2010/12/21 23:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combonator
[2010/12/21 16:42:21 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\AppData\Roaming\Amazon
[2010/12/17 17:46:33 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\.matplotlib
[2010/12/17 17:46:32 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\AppData\Local\Slice
[2010/12/17 17:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\evplusplus
[2010/12/17 17:45:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\evplusplus
[2010/12/14 14:30:14 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010/12/14 14:30:14 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010/12/14 14:30:14 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010/12/14 14:30:14 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010/12/14 14:30:14 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010/12/14 14:30:14 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010/12/14 14:30:14 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010/12/14 14:30:14 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010/12/14 14:30:11 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/12/14 14:30:11 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/12/14 14:30:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/12/14 14:30:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/12/14 14:30:06 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010/12/14 14:30:06 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010/12/14 14:30:02 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010/12/14 14:29:54 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010/12/14 14:29:54 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010/12/14 14:29:53 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010/12/14 14:29:53 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010/12/14 14:29:53 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010/12/14 14:29:53 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010/12/14 14:29:53 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010/12/14 14:29:53 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010/12/14 14:29:53 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010/12/14 14:29:53 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010/12/14 14:29:53 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010/12/14 14:29:53 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010/12/14 14:29:52 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010/12/14 14:29:52 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2 C:\Users\DOMINICK\Documents\*.tmp files -> C:\Users\DOMINICK\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/12 17:15:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/12 16:02:26 | 000,039,473 | ---- | M] () -- C:\Users\DOMINICK\Documents\websites.docx
[2011/01/12 15:59:51 | 000,000,162 | -H-- | M] () -- C:\Users\DOMINICK\Documents\~$bsites.docx
[2011/01/12 15:09:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/12 08:49:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/12 08:49:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/11 21:31:12 | 000,031,152 | ---- | M] () -- C:\Users\DOMINICK\Documents\QUOTES.docx
[2011/01/11 21:29:56 | 000,000,162 | -H-- | M] () -- C:\Users\DOMINICK\Documents\~$QUOTES.docx
[2011/01/11 19:22:57 | 000,811,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/11 19:22:57 | 000,684,968 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/11 19:22:57 | 000,128,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/11 19:19:10 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/11 19:18:30 | 3019,399,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/10 13:22:09 | 000,102,841 | ---- | M] () -- C:\Users\DOMINICK\Documents\POSITIVE THINKING.docx
[2011/01/10 13:21:35 | 000,024,751 | ---- | M] () -- C:\Users\DOMINICK\Documents\GOALS.docx
[2011/01/08 22:45:45 | 000,066,227 | ---- | M] () -- C:\Users\DOMINICK\Documents\book and movie list.docx
[2011/01/07 01:00:03 | 000,001,686 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_LC3A79944028B4E54A2F52EB93B871C2A.job
[2011/01/07 00:55:04 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/01/07 00:15:44 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk
[2011/01/07 00:15:23 | 000,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe
[2011/01/07 00:15:12 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2011/01/06 23:44:35 | 000,001,074 | ---- | M] () -- C:\Users\DOMINICK\Desktop\PokerTracker 3.lnk
[2011/01/06 23:12:55 | 000,015,872 | ---- | M] () -- C:\Users\DOMINICK\Documents\survival tools and tips.wps
[2011/01/06 22:35:31 | 000,009,728 | ---- | M] () -- C:\Users\DOMINICK\Documents\no name.wps
[2011/01/06 16:49:28 | 000,005,120 | ---- | M] () -- C:\Users\DOMINICK\Documents\ssn #'s.wps
[2011/01/04 23:01:51 | 000,023,983 | ---- | M] () -- C:\Users\DOMINICK\Documents\LETTER TO PETE.docx
[2011/01/01 23:11:13 | 000,002,071 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/12/30 22:13:52 | 000,014,001 | ---- | M] () -- C:\Users\DOMINICK\Documents\WINE.docx
[2010/12/29 23:52:15 | 000,001,216 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2010/12/28 03:00:33 | 000,001,111 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2010/12/28 02:20:15 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/28 01:19:21 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2010/12/28 00:35:59 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010/12/28 00:35:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010/12/28 00:35:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010/12/28 00:35:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010/12/21 23:33:25 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Combonator.lnk
[2010/12/21 17:11:00 | 000,030,208 | ---- | M] () -- C:\Users\DOMINICK\Documents\CREATING YOUR DREAM EXERCISES.wps
[2010/12/20 20:12:31 | 000,018,124 | ---- | M] () -- C:\Users\DOMINICK\Documents\MUSIC.docx
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/20 01:32:10 | 000,033,739 | ---- | M] () -- C:\Users\DOMINICK\Documents\THINGS TO DO.docx
[2010/12/20 01:27:00 | 000,043,008 | ---- | M] () -- C:\Users\DOMINICK\Documents\SALES, PERSAUSION AND NEGOTIATION.wps
[2010/12/17 17:46:28 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Slice.lnk
[2010/12/16 14:37:43 | 000,030,156 | ---- | M] () -- C:\Users\DOMINICK\Documents\HEALTHY LIVING AND IMPROVING ENERGY LEVEL.docx
[2010/12/15 13:25:07 | 000,001,968 | ---- | M] () -- C:\Users\DOMINICK\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/12/15 13:25:07 | 000,001,944 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/12/15 04:27:42 | 000,424,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/15 00:15:56 | 000,009,216 | ---- | M] () -- C:\Users\DOMINICK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/14 21:34:20 | 000,000,162 | -H-- | M] () -- C:\Users\DOMINICK\Documents\~$INGS TO DO.docx
[2 C:\Users\DOMINICK\Documents\*.tmp files -> C:\Users\DOMINICK\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/12 15:59:51 | 000,000,162 | -H-- | C] () -- C:\Users\DOMINICK\Documents\~$bsites.docx
[2011/01/11 21:29:56 | 000,000,162 | -H-- | C] () -- C:\Users\DOMINICK\Documents\~$QUOTES.docx
[2011/01/07 00:54:56 | 000,001,686 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_LC3A79944028B4E54A2F52EB93B871C2A.job
[2011/01/07 00:15:44 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk
[2011/01/07 00:15:25 | 000,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe
[2011/01/07 00:15:11 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2011/01/04 22:58:29 | 000,023,983 | ---- | C] () -- C:\Users\DOMINICK\Documents\LETTER TO PETE.docx
[2011/01/01 23:11:13 | 000,002,071 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010/12/30 22:13:51 | 000,014,001 | ---- | C] () -- C:\Users\DOMINICK\Documents\WINE.docx
[2010/12/29 22:49:05 | 000,024,751 | ---- | C] () -- C:\Users\DOMINICK\Documents\GOALS.docx
[2010/12/28 03:00:33 | 000,001,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2010/12/28 02:20:15 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/12/21 23:33:25 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\Combonator.lnk
[2010/12/17 17:46:28 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\Slice.lnk
[2010/12/14 21:34:20 | 000,000,162 | -H-- | C] () -- C:\Users\DOMINICK\Documents\~$INGS TO DO.docx
[2010/10/27 00:18:31 | 000,009,216 | ---- | C] () -- C:\Users\DOMINICK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/22 17:01:18 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/10/22 17:01:18 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/10/19 13:17:32 | 000,004,945 | ---- | C] () -- C:\ProgramData\kmytnfun.aqy
[2010/10/17 20:30:08 | 000,004,129 | ---- | C] () -- C:\ProgramData\demlcosg.ecd
[2010/10/06 19:06:32 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll
[2010/09/27 21:02:52 | 000,747,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/09/27 00:08:14 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010/09/25 14:33:43 | 000,000,126 | ---- | C] () -- C:\Users\DOMINICK\AppData\Roaming\wklnhst.dat
[2010/08/26 22:58:14 | 007,173,388 | ---- | C] () -- C:\Users\DOMINICK\AppData\Roaming\bppenu11.log
[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/03/22 14:50:50 | 000,076,407 | ---- | C] () -- C:\Users\DOMINICK\AppData\Roaming\Smiley.ico
[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll
[2007/03/16 22:30:04 | 000,000,000 | ---- | C] () -- C:\Users\DOMINICK\AppData\Local\QSwitch.txt
[2007/03/16 22:30:04 | 000,000,000 | ---- | C] () -- C:\Users\DOMINICK\AppData\Local\DSwitch.txt
[2007/03/16 22:30:04 | 000,000,000 | ---- | C] () -- C:\Users\DOMINICK\AppData\Local\AtStart.txt

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

OTL Extras logfile created on: 1/12/2011 5:34:25 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\DOMINICK\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free
7.00 Gb Paging File | 5.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.66 Gb Total Space | 239.35 Gb Free Space | 53.47% Space Free | Partition Type: NTFS

Computer Name: DOMINICK-PC | User Name: DOMINICK | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-54446515-174391785-3553096299-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{79BF7CB8-1E09-489F-9547-DB3EE8EA3F16}" = Microsoft SQL Server Native Client
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{86177DAE-38B1-49DD-912E-35CB703AB779}" = Microsoft SQL Server VSS Writer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1E8A5FB7-0573-4083-823B-B4E31962F0BC}_is1" = Combonator version 1.2.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Spy Sweeper
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3a351e64-0f2e-4f51-919a-4f41ae58cd04}" = Nero 9 Essentials
"{3E9E68FB-49FA-410A-8787-424F2A506E0F}" = Business Plan Pro 15th Anniversary Edition
"{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
"{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_OUTLOOKR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_OUTLOOKR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_OUTLOOKR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_OUTLOOKR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_OUTLOOKR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_OUTLOOKR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2007
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-001A-0000-0000-0000000FF1CE}_OUTLOOKR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.4.1 MUI
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7192336-2052-4F4C-9AA1-74E87879B602}_is1" = Slice 1.4.7
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"Canon MX870 series User Registration" = Canon MX870 series User Registration
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"eMachines Game Console" = eMachines Game Console
"eMachines Registration" = eMachines Registration
"eMachines Screensaver" = eMachines ScreenSaver
"eMachines Welcome Center" = Welcome Center
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{3F5CFC1C-653B-4B22-9153-2BDDF2E03C0E}" = Seagate Manager Installer
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mikogo" = Mikogo
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OUTLOOKR" = Microsoft Office Outlook 2007
"PokerStars" = PokerStars
"PokerTracker3" = PokerTracker 3 (remove only)
"Secunia PSI" = Secunia PSI (2.0.0.1003)
"Speed Dial Utility" = Canon Speed Dial Utility
"SystemRequirementsLab" = System Requirements Lab
"WildTangent emachines Master Uninstall" = eMachines Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WT078910" = Bejeweled 2 Deluxe
"WT078930" = Zuma Deluxe
"WT078954" = Blackhawk Striker 2
"WT078962" = Bob the Builder Can-Do-Zoo
"WT079018" = Faerie Solitaire
"WT079066" = Jewel Quest Solitaire 3
"WT079098" = Monopoly
"WT079102" = Mystery P.I. - Lost in Los Angeles
"WT079106" = Penguins!
"WT079110" = Plants vs. Zombies
"WT079114" = Polar Bowler
"WT079118" = Polar Golfer
"WT079150" = Scrabble Plus
"WT079175" = Virtual Villagers - A New Home
"WT079180" = Yahtzee
"WT079283" = Build-a-lot 2
"WT079316" = Escape Rosecliff Island
"WT079418" = Virtual Families
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-54446515-174391785-3553096299-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.5.0.457

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/6/2011 11:04:18 AM | Computer Name = DOMINICK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/6/2011 11:04:18 AM | Computer Name = DOMINICK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11264

Error - 1/6/2011 11:04:18 AM | Computer Name = DOMINICK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11264

Error - 1/6/2011 11:04:19 AM | Computer Name = DOMINICK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/6/2011 11:04:19 AM | Computer Name = DOMINICK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12262

Error - 1/6/2011 11:04:19 AM | Computer Name = DOMINICK-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12262

Error - 1/6/2011 7:55:07 PM | Computer Name = DOMINICK-PC | Source = Bonjour Service | ID = 100
Description = 212: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/6/2011 7:55:07 PM | Computer Name = DOMINICK-PC | Source = Bonjour Service | ID = 100
Description = 216: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/6/2011 7:55:07 PM | Computer Name = DOMINICK-PC | Source = Bonjour Service | ID = 100
Description = 348: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/6/2011 7:55:07 PM | Computer Name = DOMINICK-PC | Source = Bonjour Service | ID = 100
Description = 472: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ OSession Events ]
Error - 12/23/2010 2:47:37 PM | Computer Name = DOMINICK-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 90561
seconds with 1200 seconds of active time. This session ended with a crash.

Error - 12/26/2010 3:02:17 PM | Computer Name = DOMINICK-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 159130
seconds with 540 seconds of active time. This session ended with a crash.

Error - 12/27/2010 11:03:02 PM | Computer Name = DOMINICK-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 115223
seconds with 2340 seconds of active time. This session ended with a crash.

Error - 12/30/2010 6:17:41 PM | Computer Name = DOMINICK-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 164149
seconds with 8100 seconds of active time. This session ended with a crash.

Error - 1/1/2011 5:44:29 PM | Computer Name = DOMINICK-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 152723
seconds with 180 seconds of active time. This session ended with a crash.

Error - 1/2/2011 2:17:19 PM | Computer Name = DOMINICK-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 42676
seconds with 60 seconds of active time. This session ended with a crash.

Error - 1/5/2011 4:24:08 AM | Computer Name = DOMINICK-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 121251
seconds with 900 seconds of active time. This session ended with a crash.

Error - 1/8/2011 3:51:57 AM | Computer Name = DOMINICK-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 86174
seconds with 960 seconds of active time. This session ended with a crash.

Error - 1/9/2011 2:39:34 PM | Computer Name = DOMINICK-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 125233
seconds with 480 seconds of active time. This session ended with a crash.

Error - 1/11/2011 1:54:51 PM | Computer Name = DOMINICK-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6548.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 78141
seconds with 1140 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/27/2010 8:46:42 AM | Computer Name = DOMINICK-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 12/27/2010 1:51:06 PM | Computer Name = DOMINICK-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/27/2010 10:28:43 PM | Computer Name = DOMINICK-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/30/2010 5:19:27 PM | Computer Name = DOMINICK-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 12/31/2010 8:20:51 AM | Computer Name = DOMINICK-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 12/31/2010 11:50:06 AM | Computer Name = DOMINICK-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/31/2010 3:17:33 PM | Computer Name = DOMINICK-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 1/1/2011 3:31:56 PM | Computer Name = DOMINICK-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 1/2/2011 2:11:25 AM | Computer Name = DOMINICK-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 1/6/2011 7:58:42 PM | Computer Name = DOMINICK-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 20
Description = A fatal hardware error has occurred. Component: AMD Northbridge Error
Source: 3 Error Type: 2 Processor ID: 0 The details view of this entry contains further
information.


< End of report >

Edited by dcole, 12 January 2011 - 07:45 PM.


#4 dcole

  • Topic Starter

Posted 12 January 2011 - 07:48 PM

P.S. What's the deal with the fatal hardware error listed at the very end of the above posts under "system events?"

#5 Dakeyras

  • Malware Response Team

Posted 13 January 2011 - 07:51 AM

Hi. :)

P.S. What's the deal with the fatal hardware error listed at the very end of the above posts under "system events?"

I am not completely sure to be honest, it may be related to either the actual chip-set (motherboard and memory etc.) or a PSU (power supply unit) issue for example. Overall this is not something I can provide advice about I'm afraid as my area of expertise is Anti-Malware support. My best advice would be when I give the all clear in this topic, post a new topic in this part of the forum:-

Internal Hardware

And one of the excellent BC Tech Staff will assist you. By all means include a link to this topic and mention I advised you seek assistance about this.

This topic URL:-

http://www.bleepingcomputer.com/forums/topic371857.html/page__pid__2083548#entry2083548

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to Install ERUNT by following the prompts.
  • Use the default install settings but say No to the portion that asks you to add ERUNT to the Start-Up folder.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
Note: If it is necessary to restore the registry, open the backup folder and start ERDNT.exe

Custom OTL Script:

  • Right-click OTL.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes

:OTL
IE - HKU\S-1-5-21-54446515-174391785-3553096299-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-54446515-174391785-3553096299-1003..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
[2 C:\Users\DOMINICK\Documents\*.tmp files -> C:\Users\DOMINICK\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

:Files
ipconfig /flushdns /c

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Start Explorer]
[Reboot]
  • Return to OTL, right-click in the Custom Scans/Fixes window (under the cyan bar) and choose Paste.
  • Then click the red Run Fix button.
  • Let the program run unhindered.
  • If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
Note: The logfile can also be located C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Malwarebytes Anti-Malware:

Note: Remember to right click MBAM and select Run As Administrator.

  • Launch the application, Check for Updates >> Perform a Quick Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • OTL Log from the Custom Script.
  • Malwarebytes Anti-Malware Log.
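The "system events" question raised in posts #4 and #5 can be checked mechanically. This is an added example, not part of the original posts or of OTL: it parses event entries in the layout of the log above and separates the WHEA-Logger hardware record from the Service Control Manager timeouts. The function names and the mapping of `%%5` to Win32 error 5 are this example's own assumptions; the sample entries are copied from the thread.

```python
import re
from collections import Counter
from datetime import datetime

# Sample entries in the layout of the "system events" log quoted in this topic
# (five records copied from the thread so the block runs offline).
SAMPLE_LOG = """\
Error - 12/31/2010 11:50:06 AM | Computer Name = DOMINICK-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 12/31/2010 3:17:33 PM | Computer Name = DOMINICK-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the Netman service.

Error - 1/1/2011 3:31:56 PM | Computer Name = DOMINICK-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.

Error - 1/2/2011 2:11:25 AM | Computer Name = DOMINICK-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for Start with the following error:
%%5

Error - 1/6/2011 7:58:42 PM | Computer Name = DOMINICK-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 20
Description = A fatal hardware error has occurred. Component: AMD Northbridge Error
Source: 3 Error Type: 2 Processor ID: 0 The details view of this entry contains further
information.

< End of report >
"""

# One header line per event: level, timestamp, computer name, source, event ID.
HEADER = re.compile(
    r"^(?P<level>\w+) - (?P<time>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
    r" \| Computer Name = (?P<host>.+?)"
    r" \| Source = (?P<source>.+?)"
    r" \| ID = (?P<id>\d+)\s*$"
)

# Assumption of this example: "%%N" in a description stands for Win32 error N.
WIN32_ERRORS = {5: "Access is denied"}  # ERROR_ACCESS_DENIED


def parse_events(text):
    """Return one dict per event; wrapped description lines are joined."""
    events, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {
                "level": m["level"],
                "time": datetime.strptime(m["time"], "%m/%d/%Y %I:%M:%S %p"),
                "host": m["host"],
                "source": m["source"],
                "id": int(m["id"]),
                "description": "",
            }
            events.append(current)
        elif not line.strip() or line.startswith("<"):
            current = None  # a blank line or the report footer closes the record
        elif current is not None:
            part = line.strip()
            if part.startswith("Description = "):
                part = part[len("Description = "):]
            current["description"] = (current["description"] + " " + part).strip()
    return events


def classify(event):
    """Map an event to (kind, detail) using its source and ID."""
    desc = event["description"]
    if event["source"] == "Microsoft-Windows-WHEA-Logger":
        return "hardware", desc  # Windows Hardware Error Architecture records
    if event["source"] == "Service Control Manager":
        if event["id"] == 7011:
            m = re.search(r"response from the (.+?) service", desc)
            return "service-timeout", (m.group(1) if m else "unknown")
        m = re.search(r"%%(\d+)", desc)
        if m:
            code = int(m.group(1))
            return "service-error", WIN32_ERRORS.get(code, f"Win32 error {code}")
    return "other", desc


def triage(events):
    """Group events so hardware faults are not lost among service timeouts."""
    report = {"timeouts": Counter(), "hardware": [], "service_errors": [], "other": []}
    for ev in events:
        kind, detail = classify(ev)
        if kind == "service-timeout":
            report["timeouts"][detail] += 1
        elif kind == "hardware":
            report["hardware"].append((ev["time"], detail))
        elif kind == "service-error":
            report["service_errors"].append((ev["time"], ev["id"], detail))
        else:
            report["other"].append(ev)
    return report


if __name__ == "__main__":
    result = triage(parse_events(SAMPLE_LOG))
    for service, count in result["timeouts"].most_common():
        print(f"timeout  {service}: {count}")
    for when, code, text in result["service_errors"]:
        print(f"service  {when} ID {code}: {text}")
    for when, text in result["hardware"]:
        print(f"HARDWARE {when}: {text}")
```
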


#6 Dakeyras

  • Malware Response Team

Posted 17 January 2011 - 08:19 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

#7 Dakeyras

  • Malware Response Team

Posted 18 January 2011 - 05:23 PM

This topic has been re-opened at the request of the person who originally posted.

#8 dcole

  • Topic Starter

Posted 18 January 2011 - 08:41 PM

THE OTL FIX LOG:

Error: Unable to interpret <OTL logfile created on: 1/18/2011 6:28:42 PM - Run 2> in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\DOMINICK\Downloads> in the current context!
Error: Unable to interpret <64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation> in the current context!
Error: Unable to interpret <Internet Explorer (Version = 8.0.7600.16385)> in the current context!
Error: Unable to interpret <Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 47.00% Memory free> in the current context!
Error: Unable to interpret <7.00 Gb Paging File | 5.00 Gb Available in Paging File | 64.00% Paging File free> in the current context!
Error: Unable to interpret <Paging file location(s): ?:\pagefile.sys [binary data]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)> in the current context!
Error: Unable to interpret <Drive C: | 447.66 Gb Total Space | 234.32 Gb Free Space | 52.34% Space Free | Partition Type: NTFS> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <Computer Name: DOMINICK-PC | User Name: DOMINICK | Logged in as Administrator.> in the current context!
Error: Unable to interpret <Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans> in the current context!
Error: Unable to interpret <Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Processes (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <PRC - C:\Users\DOMINICK\Downloads\OTL(2).exe (OldTimer Tools)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Full Tilt Poker\FullTiltPoker.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\PokerTracker 3\PokerTrackerHud.exe (PokerTracker Software, LLC.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\PokerTracker 3\PokerTracker.exe (PokerTracker Software, LLC.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)> in the current context!
Error: Unable to interpret <PRC - C:\Users\DOMINICK\AppData\Roaming\Mikogo\Mikogo-Host.exe (Mikogo)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe (Apple Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\iTunes\iTunes.exe (Apple Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Webroot\WebrootSecurity\SSU.exe (Webroot Software, Inc. (www.webroot.com))> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\PokerStove\PokerStove.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Modules (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <MOD - C:\Users\DOMINICK\Downloads\OTL(2).exe (OldTimer Tools)> in the current context!
Error: Unable to interpret <MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Win32 Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <SRV:64bit: - (postgresql-x64-9.0) -- C:\Program Files\PostgreSQL\9.0\bin\pg_ctl.exe (PostgreSQL Global Development Group)> in the current context!
Error: Unable to interpret <SRV:64bit: - (Updater Service) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe (Acer Group)> in the current context!
Error: Unable to interpret <SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (WRConsumerService) -- C:\Program Files (x86)\Webroot\WebrootSecurity\WRConsumerService.exe (Webroot Software, Inc. )> in the current context!
Error: Unable to interpret <SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)> in the current context!
Error: Unable to interpret <SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)> in the current context!
Error: Unable to interpret <SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <SRV - (B-Service) -- C:\Users\DOMINICK\AppData\Roaming\Mikogo\B-Service.exe ()> in the current context!
Error: Unable to interpret <SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)> in the current context!
Error: Unable to interpret <SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)> in the current context!
Error: Unable to interpret <SRV - (FreeAgentGoNext Service) -- C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)> in the current context!
Error: Unable to interpret <SRV - (WebrootSpySweeperService) -- C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (Webroot Software, Inc. (www.webroot.com))> in the current context!
Error: Unable to interpret <SRV - (Amazon Download Agent) -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe (Amazon.com)> in the current context!
Error: Unable to interpret <SRV - (GameConsoleService) -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe (WildTangent, Inc.)> in the current context!
Error: Unable to interpret <SRV - (Greg_Service) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe (Acer Incorporated)> in the current context!
Error: Unable to interpret <SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <SRV - (BcmSqlStartupSvc) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Driver Services (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)> in the current context!
Error: Unable to interpret <DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)> in the current context!
Error: Unable to interpret <DRV:64bit: - (rcmirror) -- C:\Windows\SysNative\drivers\rcmirror.sys (Windows ® Win 7 DDK provider)> in the current context!
Error: Unable to interpret <DRV:64bit: - (ssidrv) -- C:\Windows\SysNative\drivers\ssidrv.sys (Webroot Software, Inc. (www.webroot.com))> in the current context!
Error: Unable to interpret <DRV:64bit: - (ssfs0bbc) -- C:\Windows\SysNative\drivers\ssfs0bbc.sys (Webroot Software, Inc. (www.webroot.com))> in the current context!
Error: Unable to interpret <DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)> in the current context!
Error: Unable to interpret <DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)> in the current context!
Error: Unable to interpret <DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)> in the current context!
Error: Unable to interpret <DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)> in the current context!
Error: Unable to interpret <DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)> in the current context!
Error: Unable to interpret <DRV:64bit: - (AGERESoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()> in the current context!
Error: Unable to interpret <DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)> in the current context!
Error: Unable to interpret <DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)> in the current context!
Error: Unable to interpret <DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Standard Registry (SafeList) ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Internet Explorer ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360910z606p0465v145r46k1s291> in the current context!
Error: Unable to interpret <IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360910z606p0465v145r46k1s291> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360910z606p0465v145r46k1s291> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm> in the current context!
Error: Unable to interpret <IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360910z606p0465v145r46k1s291> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=0409&m=el1352&r=17360910z606p0465v145r46k1s291> in the current context!
Error: Unable to interpret <IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/> in the current context!
Error: Unable to interpret <IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0> in the current context!
Error: Unable to interpret <IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== FireFox ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - prefs.js..browser.startup.homepage: "http://www.google.com/"> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.3> in the current context!
Error: Unable to interpret <FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.type: 0> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/15 13:25:05 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret <FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/15 13:25:02 | 000,000,000 | ---D | M]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2010/09/28 18:43:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMINICK\AppData\Roaming\Mozilla\Extensions> in the current context!
Error: Unable to interpret <[2011/01/18 11:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\DOMINICK\AppData\Roaming\Mozilla\Firefox\Profiles\oozb7kqp.default\extensions> in the current context!
Error: Unable to interpret <[2011/01/05 21:27:16 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\DOMINICK\AppData\Roaming\Mozilla\Firefox\Profiles\oozb7kqp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}> in the current context!
Error: Unable to interpret <[2011/01/18 11:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions> in the current context!
Error: Unable to interpret <[2010/10/23 15:29:00 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}> in the current context!
Error: Unable to interpret <[2010/12/28 00:37:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}> in the current context!
Error: Unable to interpret <[2010/12/28 00:36:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <O1 HOSTS File: ([2011/01/07 00:55:04 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts> in the current context!
Error: Unable to interpret <O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.> in the current context!
Error: Unable to interpret <O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)> in the current context!
Error: Unable to interpret <O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files (x86)\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)> in the current context!
Error: Unable to interpret <O4 - HKLM..\Run: [SpySweeper] C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [Mikogo] C:\Users\DOMINICK\AppData\Roaming\Mikogo\Mikogo-Host.exe (Mikogo)> in the current context!
Error: Unable to interpret <O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0> in the current context!
Error: Unable to interpret <O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0> in the current context!
Error: Unable to interpret <O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)> in the current context!
Error: Unable to interpret <O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)> in the current context!
Error: Unable to interpret <O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context!
Error: Unable to interpret <O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O13 - gopher Prefix: missing> in the current context!
Error: Unable to interpret <O15 - HKCU\..Trusted Domains: bankofamerica.com ([]https in Trusted sites)> in the current context!
Error: Unable to interpret <O15 - HKCU\..Trusted Domains: cox.net ([webmail] https in Trusted sites)> in the current context!
Error: Unable to interpret <O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)> in the current context!
Error: Unable to interpret <O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)> in the current context!
Error: Unable to interpret <O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)> in the current context!
Error: Unable to interpret <O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)> in the current context!
Error: Unable to interpret <O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)> in the current context!
Error: Unable to interpret <O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret <O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found> in the current context!
Error: Unable to interpret <O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.> in the current context!
Error: Unable to interpret <O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O34 - HKLM BootExecute: (autocheck autochk *) - File not found> in the current context!
Error: Unable to interpret <O35:64bit: - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35:64bit: - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..comfile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O35 - HKLM\..exefile [open] -- "%1" %*> in the current context!
Error: Unable to interpret <O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...com [@ = comfile] -- "%1" %*> in the current context!
Error: Unable to interpret <O37 - HKLM\...exe [@ = exefile] -- "%1" %*> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files/Folders - Created Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2011/01/18 18:25:13 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\DOMINICK\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <[2011/01/18 13:17:53 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT> in the current context!
Error: Unable to interpret <[2011/01/18 13:17:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT> in the current context!
Error: Unable to interpret <[2011/01/18 13:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT> in the current context!
Error: Unable to interpret <[2011/01/18 13:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.0> in the current context!
Error: Unable to interpret <[2011/01/18 12:59:38 | 000,000,000 | ---D | C] -- C:\Program Files\PostgreSQL> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:37 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:37 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:36 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:36 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:36 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:36 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:36 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:36 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:36 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:35 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:35 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:35 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:35 | 000,283,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:35 | 000,258,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:35 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:35 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:35 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:34 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:34 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:30 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll> in the current context!
Error: Unable to interpret <[2011/01/11 11:03:29 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:44 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSSOAP> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:22 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:22 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\AppData\Roaming\Webroot> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot> in the current context!
Error: Unable to interpret <[2011/01/01 23:25:47 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\AppData\Roaming\Avira> in the current context!
Error: Unable to interpret <[2011/01/01 23:11:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira> in the current context!
Error: Unable to interpret <[2011/01/01 23:11:06 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys> in the current context!
Error: Unable to interpret <[2011/01/01 23:11:06 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys> in the current context!
Error: Unable to interpret <[2011/01/01 23:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira> in the current context!
Error: Unable to interpret <[2011/01/01 23:11:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira> in the current context!
Error: Unable to interpret <[2010/12/28 03:00:39 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\AppData\Local\Secunia PSI> in the current context!
Error: Unable to interpret <[2010/12/28 03:00:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia> in the current context!
Error: Unable to interpret <[2010/12/28 02:51:31 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\Documents\COMPUTER> in the current context!
Error: Unable to interpret <[2010/12/28 02:20:19 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\AppData\Roaming\Malwarebytes> in the current context!
Error: Unable to interpret <[2010/12/28 02:20:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys> in the current context!
Error: Unable to interpret <[2010/12/28 02:20:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware> in the current context!
Error: Unable to interpret <[2010/12/28 02:20:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes> in the current context!
Error: Unable to interpret <[2010/12/28 02:20:10 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys> in the current context!
Error: Unable to interpret <[2010/12/28 02:20:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware> in the current context!
Error: Unable to interpret <[2010/12/28 01:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab> in the current context!
Error: Unable to interpret <[2010/12/28 01:44:39 | 000,000,000 | ---D | C] -- C:\NVIDIA> in the current context!
Error: Unable to interpret <[2010/12/28 01:19:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo> in the current context!
Error: Unable to interpret <[2010/12/28 01:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO> in the current context!
Error: Unable to interpret <[2010/12/28 01:19:21 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll> in the current context!
Error: Unable to interpret <[2010/12/28 00:37:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java> in the current context!
Error: Unable to interpret <[2010/12/28 00:36:49 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe> in the current context!
Error: Unable to interpret <[2010/12/28 00:36:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe> in the current context!
Error: Unable to interpret <[2010/12/28 00:36:49 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe> in the current context!
Error: Unable to interpret <[2010/12/21 23:33:34 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\AppData\Local\Combonator> in the current context!
Error: Unable to interpret <[2010/12/21 23:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combonator> in the current context!
Error: Unable to interpret <[2010/12/21 23:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combonator> in the current context!
Error: Unable to interpret <[2010/12/21 16:42:21 | 000,000,000 | ---D | C] -- C:\Users\DOMINICK\AppData\Roaming\Amazon> in the current context!
Error: Unable to interpret <[2 C:\Users\DOMINICK\Documents\*.tmp files -> C:\Users\DOMINICK\Documents\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files - Modified Within 30 Days ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2011/01/18 18:25:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\DOMINICK\Desktop\OTL.exe> in the current context!
Error: Unable to interpret <[2011/01/18 18:15:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job> in the current context!
Error: Unable to interpret <[2011/01/18 16:13:58 | 000,103,667 | ---- | M] () -- C:\Users\DOMINICK\Documents\POSITIVE THINKING.docx> in the current context!
Error: Unable to interpret <[2011/01/18 16:09:24 | 000,044,032 | ---- | M] () -- C:\Users\DOMINICK\Documents\SALES, PERSAUSION AND NEGOTIATION.wps> in the current context!
Error: Unable to interpret <[2011/01/18 16:08:22 | 000,031,612 | ---- | M] () -- C:\Users\DOMINICK\Documents\QUOTES.docx> in the current context!
Error: Unable to interpret <[2011/01/18 13:56:46 | 000,031,191 | ---- | M] () -- C:\Users\DOMINICK\Documents\HEALTHY LIVING AND IMPROVING ENERGY LEVEL.docx> in the current context!
Error: Unable to interpret <[2011/01/18 13:22:52 | 000,811,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI> in the current context!
Error: Unable to interpret <[2011/01/18 13:22:52 | 000,684,968 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat> in the current context!
Error: Unable to interpret <[2011/01/18 13:22:52 | 000,128,438 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat> in the current context!
Error: Unable to interpret <[2011/01/18 13:17:13 | 000,000,929 | ---- | M] () -- C:\Users\DOMINICK\Desktop\NTREGOPT.lnk> in the current context!
Error: Unable to interpret <[2011/01/18 13:17:13 | 000,000,910 | ---- | M] () -- C:\Users\DOMINICK\Desktop\ERUNT.lnk> in the current context!
Error: Unable to interpret <[2011/01/18 13:15:55 | 000,040,528 | ---- | M] () -- C:\Users\DOMINICK\Documents\websites.docx> in the current context!
Error: Unable to interpret <[2011/01/18 12:19:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat> in the current context!
Error: Unable to interpret <[2011/01/17 19:25:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job> in the current context!
Error: Unable to interpret <[2011/01/17 13:51:12 | 000,024,954 | ---- | M] () -- C:\Users\DOMINICK\Documents\GOALS.docx> in the current context!
Error: Unable to interpret <[2011/01/17 13:51:06 | 000,000,162 | -H-- | M] () -- C:\Users\DOMINICK\Documents\~$GOALS.docx> in the current context!
Error: Unable to interpret <[2011/01/17 13:20:11 | 000,067,133 | ---- | M] () -- C:\Users\DOMINICK\Documents\book and movie list.docx> in the current context!
Error: Unable to interpret <[2011/01/14 20:19:01 | 000,000,162 | -H-- | M] () -- C:\Users\DOMINICK\Documents\~$ALTHY LIVING AND IMPROVING ENERGY LEVEL.docx> in the current context!
Error: Unable to interpret <[2011/01/14 01:00:02 | 000,001,686 | ---- | M] () -- C:\Windows\tasks\wrSpySweeper_LC3A79944028B4E54A2F52EB93B871C2A.job> in the current context!
Error: Unable to interpret <[2011/01/12 08:49:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2011/01/12 08:49:48 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0> in the current context!
Error: Unable to interpret <[2011/01/11 21:29:56 | 000,000,162 | -H-- | M] () -- C:\Users\DOMINICK\Documents\~$QUOTES.docx> in the current context!
Error: Unable to interpret <[2011/01/11 19:18:30 | 3019,399,168 | -HS- | M] () -- C:\hiberfil.sys> in the current context!
Error: Unable to interpret <[2011/01/07 00:55:04 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:44 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:23 | 000,017,264 | ---- | M] () -- C:\Windows\SysNative\SsiEfr.exe> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:12 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat> in the current context!
Error: Unable to interpret <[2011/01/06 23:44:35 | 000,001,074 | ---- | M] () -- C:\Users\DOMINICK\Desktop\PokerTracker 3.lnk> in the current context!
Error: Unable to interpret <[2011/01/06 23:12:55 | 000,015,872 | ---- | M] () -- C:\Users\DOMINICK\Documents\survival tools and tips.wps> in the current context!
Error: Unable to interpret <[2011/01/06 22:35:31 | 000,009,728 | ---- | M] () -- C:\Users\DOMINICK\Documents\no name.wps> in the current context!
Error: Unable to interpret <[2011/01/06 16:49:28 | 000,005,120 | ---- | M] () -- C:\Users\DOMINICK\Documents\ssn #'s.wps> in the current context!
Error: Unable to interpret <[2011/01/04 23:01:51 | 000,023,983 | ---- | M] () -- C:\Users\DOMINICK\Documents\LETTER TO PETE.docx> in the current context!
Error: Unable to interpret <[2011/01/01 23:11:13 | 000,002,071 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk> in the current context!
Error: Unable to interpret <[2010/12/30 22:13:52 | 000,014,001 | ---- | M] () -- C:\Users\DOMINICK\Documents\WINE.docx> in the current context!
Error: Unable to interpret <[2010/12/29 23:52:15 | 000,001,216 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk> in the current context!
Error: Unable to interpret <[2010/12/28 03:00:33 | 000,001,111 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk> in the current context!
Error: Unable to interpret <[2010/12/28 02:20:15 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk> in the current context!
Error: Unable to interpret <[2010/12/28 01:19:21 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll> in the current context!
Error: Unable to interpret <[2010/12/28 00:35:59 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe> in the current context!
Error: Unable to interpret <[2010/12/28 00:35:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe> in the current context!
Error: Unable to interpret <[2010/12/28 00:35:58 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe> in the current context!
Error: Unable to interpret <[2010/12/28 00:35:57 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll> in the current context!
Error: Unable to interpret <[2010/12/21 23:33:25 | 000,001,036 | ---- | M] () -- C:\Users\Public\Desktop\Combonator.lnk> in the current context!
Error: Unable to interpret <[2010/12/21 17:11:00 | 000,030,208 | ---- | M] () -- C:\Users\DOMINICK\Documents\CREATING YOUR DREAM EXERCISES.wps> in the current context!
Error: Unable to interpret <[2010/12/20 20:12:31 | 000,018,124 | ---- | M] () -- C:\Users\DOMINICK\Documents\MUSIC.docx> in the current context!
Error: Unable to interpret <[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys> in the current context!
Error: Unable to interpret <[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys> in the current context!
Error: Unable to interpret <[2010/12/20 01:32:10 | 000,033,739 | ---- | M] () -- C:\Users\DOMINICK\Documents\THINGS TO DO.docx> in the current context!
Error: Unable to interpret <[2 C:\Users\DOMINICK\Documents\*.tmp files -> C:\Users\DOMINICK\Documents\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]> in the current context!
Error: Unable to interpret <[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Files Created - No Company Name ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <[2011/01/18 13:17:13 | 000,000,929 | ---- | C] () -- C:\Users\DOMINICK\Desktop\NTREGOPT.lnk> in the current context!
Error: Unable to interpret <[2011/01/18 13:17:13 | 000,000,910 | ---- | C] () -- C:\Users\DOMINICK\Desktop\ERUNT.lnk> in the current context!
Error: Unable to interpret <[2011/01/17 13:51:06 | 000,000,162 | -H-- | C] () -- C:\Users\DOMINICK\Documents\~$GOALS.docx> in the current context!
Error: Unable to interpret <[2011/01/14 20:19:01 | 000,000,162 | -H-- | C] () -- C:\Users\DOMINICK\Documents\~$ALTHY LIVING AND IMPROVING ENERGY LEVEL.docx> in the current context!
Error: Unable to interpret <[2011/01/11 21:29:56 | 000,000,162 | -H-- | C] () -- C:\Users\DOMINICK\Documents\~$QUOTES.docx> in the current context!
Error: Unable to interpret <[2011/01/07 00:54:56 | 000,001,686 | ---- | C] () -- C:\Windows\tasks\wrSpySweeper_LC3A79944028B4E54A2F52EB93B871C2A.job> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:44 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:25 | 000,017,264 | ---- | C] () -- C:\Windows\SysNative\SsiEfr.exe> in the current context!
Error: Unable to interpret <[2011/01/07 00:15:11 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat> in the current context!
Error: Unable to interpret <[2011/01/04 22:58:29 | 000,023,983 | ---- | C] () -- C:\Users\DOMINICK\Documents\LETTER TO PETE.docx> in the current context!
Error: Unable to interpret <[2011/01/01 23:11:13 | 000,002,071 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk> in the current context!
Error: Unable to interpret <[2010/12/30 22:13:51 | 000,014,001 | ---- | C] () -- C:\Users\DOMINICK\Documents\WINE.docx> in the current context!
Error: Unable to interpret <[2010/12/29 22:49:05 | 000,024,954 | ---- | C] () -- C:\Users\DOMINICK\Documents\GOALS.docx> in the current context!
Error: Unable to interpret <[2010/12/28 03:00:33 | 000,001,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk> in the current context!
Error: Unable to interpret <[2010/12/28 02:20:15 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk> in the current context!
Error: Unable to interpret <[2010/12/21 23:33:25 | 000,001,036 | ---- | C] () -- C:\Users\Public\Desktop\Combonator.lnk> in the current context!
Error: Unable to interpret <[2010/10/27 00:18:31 | 000,009,216 | ---- | C] () -- C:\Users\DOMINICK\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini> in the current context!
Error: Unable to interpret <[2010/10/22 17:01:18 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll> in the current context!
Error: Unable to interpret <[2010/10/22 17:01:18 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll> in the current context!
Error: Unable to interpret <[2010/10/19 13:17:32 | 000,004,945 | ---- | C] () -- C:\ProgramData\kmytnfun.aqy> in the current context!
Error: Unable to interpret <[2010/10/17 20:30:08 | 000,004,129 | ---- | C] () -- C:\ProgramData\demlcosg.ecd> in the current context!
Error: Unable to interpret <[2010/10/06 19:06:32 | 000,020,992 | ---- | C] () -- C:\Windows\jestertb.dll> in the current context!
Error: Unable to interpret <[2010/09/27 21:02:52 | 000,747,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI> in the current context!
Error: Unable to interpret <[2010/09/27 00:08:14 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf> in the current context!
Error: Unable to interpret <[2010/09/25 14:33:43 | 000,000,126 | ---- | C] () -- C:\Users\DOMINICK\AppData\Roaming\wklnhst.dat> in the current context!
Error: Unable to interpret <[2010/08/26 22:58:14 | 007,173,388 | ---- | C] () -- C:\Users\DOMINICK\AppData\Roaming\bppenu11.log> in the current context!
Error: Unable to interpret <[2009/11/06 12:00:28 | 000,031,088 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll> in the current context!
Error: Unable to interpret <[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll> in the current context!
Error: Unable to interpret <[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll> in the current context!
Error: Unable to interpret <[2009/03/22 14:50:50 | 000,076,407 | ---- | C] () -- C:\Users\DOMINICK\AppData\Roaming\Smiley.ico> in the current context!
Error: Unable to interpret <[2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\Windows\HPBroker.dll> in the current context!
Error: Unable to interpret <[2007/03/16 22:30:04 | 000,000,000 | ---- | C] () -- C:\Users\DOMINICK\AppData\Local\QSwitch.txt> in the current context!
Error: Unable to interpret <[2007/03/16 22:30:04 | 000,000,000 | ---- | C] () -- C:\Users\DOMINICK\AppData\Local\DSwitch.txt> in the current context!
Error: Unable to interpret <[2007/03/16 22:30:04 | 000,000,000 | ---- | C] () -- C:\Users\DOMINICK\AppData\Local\AtStart.txt> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <========== Alternate Data Streams ==========> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1> in the current context!
Error: Unable to interpret << End of report >> in the current context!

OTL by OldTimer - Version 3.2.20.2 log created on 01182011_183459

#9 dcole

dcole
  • Topic Starter

  • Members
  • 9 posts

Posted 18 January 2011 - 08:43 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5508

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/18/2011 6:40:56 PM
mbam-log-2011-01-18 (18-40-56).txt

Scan type: Quick scan
Objects scanned: 174531
Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#10 Dakeyras

Dakeyras

    Anti-Malware Mammoth


  • Malware Response Team
  • 368 posts

Posted 19 January 2011 - 04:23 AM

Hi. :)

It looks like you had OTL create a new log then placed a copy of that log under Custom Scans/Fixes and then clicked on Run Fix.

You actually need to use this custom script below as outlined here also.

:Processes

:OTL
IE - HKU\S-1-5-21-54446515-174391785-3553096299-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-21-54446515-174391785-3553096299-1003..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
[2 C:\Users\DOMINICK\Documents\*.tmp files -> C:\Users\DOMINICK\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

:Files
ipconfig /flushdns /c

:Commands
[Purity]
[ResetHosts]
[EmptyFlash]
[EmptyTemp]
[CreateRestorePoint]
[Start Explorer]
[Reboot]

So to reiterate, copy the script above from the code-box, then paste it under Custom Scans/Fixes and then click on Run Fix.

If OTL asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.

Note: The logfile can also be located at C: >> _OTL >> MovedFiles >> DD/DD/DD TT/TT.txt <-- denotes date/time log created.

Next:

When you ran the Quick Scan with Malwarebytes' Anti-Malware, you neglected to check for updates beforehand, as you performed the scan with an out-of-date definition database.

Please run another Quick Scan with Malwarebytes' Anti-Malware after you have run the custom OTL script above, but make sure this time to check for updates with Malwarebytes' Anti-Malware first, then post the log from the OTL custom script and a new Malwarebytes' Anti-Malware Log.

If any problems are encountered and/or you do not understand the above instructions, merely inform myself and we will try a different approach. :thumbup2:

#11 dcole

dcole
  • Topic Starter

  • Members
  • 9 posts

Posted 19 January 2011 - 03:18 PM

Could you tell me what this custom script is and its function?

#12 Dakeyras

Dakeyras

    Anti-Malware Mammoth


  • Malware Response Team
  • 368 posts
  • Gender:Male
  • Location:The Tundra

Posted 19 January 2011 - 05:55 PM

Hi. :)

Could you tell me what this custom script is and its function?

Basically it relates to entries I researched from the prior set of OTL logs I asked your good self to provide, the aforementioned I deem prudent to be removed from your machine. Plus some specific commands which are either security related and/or beneficial with regard to system maintenance. If you are interested there is a tutorial here which explains further, but my friendly advice would be do not attempt creating a custom script yourself without training lest you remove something Operating System critical by mistake.

Any further questions? Feel free to ask, if not please follow my advice/instructions here when ready, thank you.

#13 dcole

dcole
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:02:31 AM

Posted 20 January 2011 - 12:53 AM

So the custom script removes items from my registry? If so, what items did you feel needed to be removed? Because it doesn't appear that any malware is affecting my system. I just wanted someone to help me make sure that potentially dangerous software I downloaded a while back didn't truly affect my system. Do you have any conclusions on the logs already provided?

#14 Dakeyras

Dakeyras

    Anti-Malware Mammoth


  • Malware Response Team
  • 368 posts
  • Gender:Male
  • Location:The Tundra

Posted 20 January 2011 - 09:18 AM

Hi. :)

So the custom script removes items from my registry? If so, what items did you feel needed to be removed? Because it doesn't appear that any malware is affecting my system. I just wanted someone to help me make sure that potentially dangerous software I downloaded a while back didn't truly affect my system. Do you have any conclusions on the logs already provided?

All the items targeted for removal are what is known as orphaned entries, as in they are a reference to specific registry related entries that are either settings and/or files that are no longer present. Which are prudent to remove to err on the side of caution.

As for malware being present on your machine, no, so far I am not detecting such. The malware removal process I personally adhere to will be complete with a final check via an online check with an independent online scanner to further ascertain your machine is not infected. If it is of any further assurance I have been providing Anti-Malware support for over three years in various forums, so I do have a fair amount of experience.

Please follow my advice/instructions here when ready, thank you.
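Added example (not part of the original thread, and not OTL's own code): a small Python classifier run over six lines copied from the :OTL section of the fix script posted above, grouping each line by the marker text OTL printed on it. The function names, the reason wording and the grouping are assumptions of this example.

```python
import re
from collections import Counter

# Six lines copied from the :OTL section of the fix script in this thread.
SCRIPT_LINES = r"""
IE - HKU\S-1-5-21-54446515-174391785-3553096299-1000\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - Reg Error: Key error. File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
[2 C:\Users\DOMINICK\Documents\*.tmp files -> C:\Users\DOMINICK\Documents\*.tmp -> ]
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
""".strip().splitlines()

# Marker text OTL printed on the line -> grouping used here (the grouping and
# wording are this example's assumption, not OTL's). First match wins.
REASONS = [
    ("Reg Error: Key error.", "orphaned: OTL reports a registry key error"),
    ("No CLSID value found", "orphaned: OTL reports no CLSID value"),
    ("File not found", "orphaned: OTL reports the referenced file missing"),
]
ENTRY = re.compile(r"^(?P<tag>IE|O\d+)(?P<bits>:64bit:)? - (?P<rest>.+)$")


def classify(line):
    """Return (kind, location, reason) for one line of the :OTL section."""
    line = line.strip()
    if line.startswith("@Alternate Data Stream"):
        return ("ads", line.split("->", 1)[1].strip(),
                "not a registry entry: NTFS alternate data stream")
    if line.startswith("["):
        return ("tempfiles", line.split("->")[1].strip(),
                "not a registry entry: leftover .tmp files")
    m = ENTRY.match(line)
    if not m:
        return ("unknown", line, "unrecognised line")
    rest = m["rest"]
    reason = next((why for marker, why in REASONS if marker in rest),
                  "no orphan marker")
    location = rest.split(" - ")[0].replace(" File not found", "")
    return (m["tag"] + (" 64bit" if m["bits"] else ""), location, reason)


def summarise(lines):
    """Count lines per group (the text before the colon in the reason)."""
    return Counter(classify(line)[2].split(":")[0] for line in lines)


if __name__ == "__main__":
    for entry in SCRIPT_LINES:
        print(classify(entry))
    print(dict(summarise(SCRIPT_LINES)))
```

On these six lines, four carry one of OTL's "not found" markers and two (the .tmp file group and the alternate data stream) are file-system items rather than registry references.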

#15 dcole

dcole
  • Topic Starter

  • Members
  • 9 posts

Posted 20 January 2011 - 06:18 PM

Since I don't know if I am even infected with malware, should I just abort the malware removal process since my AV software and Malwarebytes have found no infections? It sounds like this removal process is for computers that are for sure infected. Mine is not likely infected, and my goal was mainly to find out whether there is an infection that the AV software and Malwarebytes didn't detect.
