Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

redirect virus


  • This topic is locked This topic is locked
21 replies to this topic

#1 susieged

susieged

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 04 February 2011 - 10:27 PM

I have completed the steps in the Preparation Guide and will post all results. While using hotmail, the page will automatically change to the Dell search page "this website cannot be displayed" along with other sites selections. It will be a random url...sometimes admt....not even a site I was looking for. It has gotten to the point where I can barely see the webpage before it redirects. It started out in hotmail, now it is redirecting whenever I try to go to any website. It is also extremely slow. Below is the DDSAttached File  Attach.txt   16.18KB   1 downloads report along with the attach txt and ark.txt. I would appreciate any help you can give me. I did have this same problem about 6 months ago that SYLER helped me with. Unfortunately, my system restore was not saving restore points and I was unable to restore to the "virus free" state. Thak you, Susie




DDS (Ver_10-12-12.02) - NTFSx86
Run by Mom at 11:54:06.13 on Fri 02/04/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1335 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\dvd43\dvd43_tray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Mom\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20101106111023.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [dvd43] c:\program files\dvd43\dvd43_tray.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www-cdn.freerealms.com/gamedata/plugins/1.0.3.93/FreeRealmsInstaller.cab?v=1044
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} - hxxp://web1.shutterfly.com/downloads/Uploader.cab
DPF: {A8683C98-5341-421B-B23C-8514C05354F1} - hxxp://www.samsphotoclub.com/upload/FujifilmUploadClient.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} - hxxp://a.download.toontown.com/sv1.0.38.34/ttinst.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-8-25 386840]
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2006-11-6 6097]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-8-25 84072]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-4-29 210216]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-25 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-25 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-8-25 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-8-25 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-8-25 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-8-25 141792]
R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-8-25 55840]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-8-25 152960]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-8-25 52104]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-8-25 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 88544]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-8-25 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-8-25 84264]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2006-11-6 299923]

=============== Created Last 30 ================

2011-02-04 16:29:30 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-02-04 16:29:30 -------- d-----w- c:\windows\system32\wbem\Repository
2011-01-12 12:32:46 -------- d-----w- c:\program files\iPod
2011-01-12 12:16:44 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-01-12 12:16:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-01-12 12:16:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-01-12 12:16:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-01-12 12:16:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-01-12 12:16:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-01-12 12:16:43 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

==================== Find3M ====================

2010-11-29 22:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 22:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-22 21:56:23 2812 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll

============= FINISH: 11:55:38.99 ===============

Attached Files

  • Attached File  ark.txt   3.21KB   6 downloads


BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:34 AM

Posted 07 February 2011 - 07:43 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 susieged

susieged
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 07 February 2011 - 08:19 PM

Hi, I got your message and am ready to start:) Thank you! Susie

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:34 AM

Posted 08 February 2011 - 07:42 PM

Let's start with a rootkit scanner

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\

Posted Image
m0le is a proud member of UNITE

#5 susieged

susieged
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 08 February 2011 - 10:24 PM

Ran with no problem. No threats found. Here is the report. Susie



2011/02/08 22:23:24.0953 2716 TDSS rootkit removing tool 2.4.16.0 Feb 1 2011 10:34:03
2011/02/08 22:23:25.0875 2716 ================================================================================
2011/02/08 22:23:25.0875 2716 SystemInfo:
2011/02/08 22:23:25.0875 2716
2011/02/08 22:23:25.0875 2716 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/08 22:23:25.0875 2716 Product type: Workstation
2011/02/08 22:23:25.0875 2716 ComputerName: SUSIE
2011/02/08 22:23:25.0875 2716 UserName: Mom
2011/02/08 22:23:25.0875 2716 Windows directory: C:\WINDOWS
2011/02/08 22:23:25.0875 2716 System windows directory: C:\WINDOWS
2011/02/08 22:23:25.0875 2716 Processor architecture: Intel x86
2011/02/08 22:23:25.0875 2716 Number of processors: 2
2011/02/08 22:23:25.0875 2716 Page size: 0x1000
2011/02/08 22:23:25.0875 2716 Boot type: Normal boot
2011/02/08 22:23:25.0875 2716 ================================================================================
2011/02/08 22:23:35.0921 2716 Initialize success
2011/02/08 22:23:39.0015 0220 ================================================================================
2011/02/08 22:23:39.0015 0220 Scan started
2011/02/08 22:23:39.0015 0220 Mode: Manual;
2011/02/08 22:23:39.0015 0220 ================================================================================
2011/02/08 22:23:39.0718 0220 61883 (914a9709fc3bf419ad2f85547f2a4832) C:\WINDOWS\system32\DRIVERS\61883.sys
2011/02/08 22:23:39.0781 0220 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/02/08 22:23:39.0828 0220 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/08 22:23:39.0875 0220 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/08 22:23:39.0937 0220 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/02/08 22:23:40.0015 0220 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/08 22:23:40.0125 0220 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/08 22:23:40.0156 0220 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/02/08 22:23:40.0187 0220 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/02/08 22:23:40.0218 0220 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/02/08 22:23:40.0250 0220 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/02/08 22:23:40.0281 0220 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/02/08 22:23:40.0375 0220 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/02/08 22:23:40.0390 0220 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/02/08 22:23:40.0421 0220 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/02/08 22:23:40.0437 0220 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/02/08 22:23:40.0484 0220 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/08 22:23:40.0531 0220 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/02/08 22:23:40.0546 0220 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/02/08 22:23:40.0578 0220 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/02/08 22:23:40.0625 0220 ASCTRM (d880831279ed91f9a4190a2db9539ea9) C:\WINDOWS\system32\drivers\ASCTRM.sys
2011/02/08 22:23:40.0734 0220 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/08 22:23:40.0781 0220 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/08 22:23:40.0828 0220 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/08 22:23:40.0875 0220 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/08 22:23:40.0906 0220 Avc (f8e6956a614f15a0860474c5e2a7de6b) C:\WINDOWS\system32\DRIVERS\avc.sys
2011/02/08 22:23:40.0953 0220 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/08 22:23:41.0015 0220 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/02/08 22:23:41.0046 0220 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/08 22:23:41.0078 0220 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/02/08 22:23:41.0109 0220 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/02/08 22:23:41.0125 0220 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/08 22:23:41.0156 0220 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/08 22:23:41.0171 0220 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/08 22:23:41.0234 0220 cfwids (7e6f7da1c4de5680820f964562548949) C:\WINDOWS\system32\drivers\cfwids.sys
2011/02/08 22:23:41.0312 0220 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/02/08 22:23:41.0343 0220 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/02/08 22:23:41.0390 0220 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/02/08 22:23:41.0421 0220 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/02/08 22:23:41.0468 0220 DeviceScanner (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/08 22:23:41.0515 0220 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/08 22:23:41.0562 0220 DLABOIOM (e2d0de31442390c35e3163c87cb6a9eb) C:\WINDOWS\system32\DLA\DLABOIOM.SYS
2011/02/08 22:23:41.0593 0220 DLACDBHM (d979bebcf7edcc9c9ee1857d1a68c67b) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2011/02/08 22:23:41.0609 0220 DLADResN (83545593e297f50a8e2524b4c071a153) C:\WINDOWS\system32\DLA\DLADResN.SYS
2011/02/08 22:23:41.0671 0220 DLAIFS_M (96e01d901cdc98c7817155cc057001bf) C:\WINDOWS\system32\DLA\DLAIFS_M.SYS
2011/02/08 22:23:41.0703 0220 DLAOPIOM (0a60a39cc5e767980a31ca5d7238dfa9) C:\WINDOWS\system32\DLA\DLAOPIOM.SYS
2011/02/08 22:23:41.0796 0220 DLAPoolM (9fe2b72558fc808357f427fd83314375) C:\WINDOWS\system32\DLA\DLAPoolM.SYS
2011/02/08 22:23:41.0859 0220 DLARTL_N (7ee0852ae8907689df25049dcd2342e8) C:\WINDOWS\system32\Drivers\DLARTL_N.SYS
2011/02/08 22:23:41.0890 0220 DLAUDFAM (f08e1dafac457893399e03430a6a1397) C:\WINDOWS\system32\DLA\DLAUDFAM.SYS
2011/02/08 22:23:41.0921 0220 DLAUDF_M (e7d105ed1e694449d444a9933df8e060) C:\WINDOWS\system32\DLA\DLAUDF_M.SYS
2011/02/08 22:23:42.0031 0220 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/08 22:23:42.0078 0220 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/08 22:23:42.0125 0220 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/08 22:23:42.0156 0220 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/08 22:23:42.0203 0220 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/02/08 22:23:42.0234 0220 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/08 22:23:42.0265 0220 DRVMCDB (fd0f95981fef9073659d8ec58e40aa3c) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2011/02/08 22:23:42.0296 0220 DRVNDDM (b4869d320428cdc5ec4d7f5e808e99b5) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2011/02/08 22:23:42.0421 0220 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/02/08 22:23:42.0578 0220 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\WINDOWS\system32\DRIVERS\dsunidrv.sys
2011/02/08 22:23:42.0640 0220 dvd43llh (1fc1eed3ea0c3a0ecf8a95b97e1b4831) C:\WINDOWS\system32\DRIVERS\dvd43llh.sys
2011/02/08 22:23:42.0765 0220 E100B (95974e66d3de4951d29e28e8bc0b644c) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/02/08 22:23:42.0828 0220 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/08 22:23:42.0875 0220 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/08 22:23:42.0921 0220 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/08 22:23:42.0984 0220 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/08 22:23:43.0015 0220 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/08 22:23:43.0046 0220 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/08 22:23:43.0078 0220 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/08 22:23:43.0125 0220 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/02/08 22:23:43.0234 0220 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/08 22:23:43.0281 0220 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/02/08 22:23:43.0312 0220 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/08 22:23:43.0359 0220 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/02/08 22:23:43.0406 0220 HSFHWBS2 (77e4ff0b73bc0aeaaf39bf0c8104231f) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/02/08 22:23:43.0468 0220 HSF_DP (60e1604729a15ef4a3b05f298427b3b1) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/02/08 22:23:43.0781 0220 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/08 22:23:43.0859 0220 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/02/08 22:23:43.0906 0220 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/02/08 22:23:43.0921 0220 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/08 22:23:44.0000 0220 ialm (5a8e05f1d5c36abd58cffa111eb325ea) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/02/08 22:23:44.0046 0220 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/08 22:23:44.0109 0220 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/02/08 22:23:44.0156 0220 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/08 22:23:44.0187 0220 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/08 22:23:44.0218 0220 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/08 22:23:44.0265 0220 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/08 22:23:44.0312 0220 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/08 22:23:44.0359 0220 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/08 22:23:44.0390 0220 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/08 22:23:44.0421 0220 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/08 22:23:44.0453 0220 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/08 22:23:44.0500 0220 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/08 22:23:44.0515 0220 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/02/08 22:23:44.0546 0220 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/08 22:23:44.0593 0220 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/08 22:23:44.0671 0220 MASPINT (a2ae666cee860babe7fa6f1662b71737) C:\WINDOWS\system32\drivers\MASPINT.sys
2011/02/08 22:23:44.0796 0220 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/02/08 22:23:44.0843 0220 mfeapfk (84d59a3eddfb9438fb94f7f80d37859d) C:\WINDOWS\system32\drivers\mfeapfk.sys
2011/02/08 22:23:44.0875 0220 mfeavfk (67e961988312b1a28d6f93357b0bf998) C:\WINDOWS\system32\drivers\mfeavfk.sys
2011/02/08 22:23:44.0984 0220 mfebopk (19161b1796cf74a6a326abde309062ba) C:\WINDOWS\system32\drivers\mfebopk.sys
2011/02/08 22:23:45.0015 0220 mfefirek (d5f89b4934960c70882924d992c6abfc) C:\WINDOWS\system32\drivers\mfefirek.sys
2011/02/08 22:23:45.0078 0220 mfehidk (0efab2b91b27543fe589de700de07136) C:\WINDOWS\system32\drivers\mfehidk.sys
2011/02/08 22:23:45.0093 0220 mfendisk (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/02/08 22:23:45.0109 0220 mfendiskmp (549dd4966bf0b1d1fc205ca0755a745b) C:\WINDOWS\system32\DRIVERS\mfendisk.sys
2011/02/08 22:23:45.0156 0220 mferkdet (c9eda1eada2ab6e34cd1a10c3a24ab25) C:\WINDOWS\system32\drivers\mferkdet.sys
2011/02/08 22:23:45.0187 0220 mfetdi2k (e6c5f7aade5a31c057d73201acfe8adf) C:\WINDOWS\system32\drivers\mfetdi2k.sys
2011/02/08 22:23:45.0234 0220 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
2011/02/08 22:23:45.0375 0220 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/08 22:23:45.0437 0220 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/08 22:23:45.0453 0220 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/02/08 22:23:45.0546 0220 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/02/08 22:23:45.0593 0220 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/08 22:23:45.0640 0220 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/08 22:23:45.0656 0220 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/08 22:23:45.0703 0220 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/02/08 22:23:45.0734 0220 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/08 22:23:45.0796 0220 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/02/08 22:23:45.0843 0220 MSDV (1477849772712bac69c144dcf2c9ce81) C:\WINDOWS\system32\DRIVERS\msdv.sys
2011/02/08 22:23:45.0875 0220 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/08 22:23:45.0906 0220 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/08 22:23:45.0937 0220 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/08 22:23:45.0953 0220 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/08 22:23:46.0000 0220 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/08 22:23:46.0046 0220 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/02/08 22:23:46.0078 0220 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/08 22:23:46.0109 0220 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/02/08 22:23:46.0156 0220 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/08 22:23:46.0203 0220 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/02/08 22:23:46.0234 0220 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/08 22:23:46.0250 0220 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/08 22:23:46.0296 0220 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/08 22:23:46.0328 0220 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/08 22:23:46.0343 0220 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/08 22:23:46.0390 0220 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/08 22:23:46.0437 0220 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/08 22:23:46.0468 0220 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/08 22:23:46.0515 0220 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/08 22:23:46.0562 0220 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/08 22:23:46.0640 0220 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/08 22:23:46.0703 0220 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/08 22:23:46.0734 0220 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/08 22:23:46.0750 0220 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/08 22:23:46.0796 0220 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/08 22:23:46.0968 0220 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/08 22:23:47.0015 0220 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/08 22:23:47.0031 0220 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/08 22:23:47.0093 0220 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/08 22:23:47.0125 0220 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/08 22:23:47.0171 0220 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/02/08 22:23:47.0281 0220 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/02/08 22:23:47.0312 0220 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/02/08 22:23:47.0375 0220 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/08 22:23:47.0406 0220 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/08 22:23:47.0437 0220 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/08 22:23:47.0484 0220 PxHelp20 (f7bb4e7a7c02ab4a2672937e124e306e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/08 22:23:47.0515 0220 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/02/08 22:23:47.0546 0220 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/02/08 22:23:47.0578 0220 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/02/08 22:23:47.0609 0220 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/02/08 22:23:47.0625 0220 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/02/08 22:23:47.0671 0220 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/08 22:23:47.0687 0220 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/08 22:23:47.0718 0220 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/08 22:23:47.0734 0220 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/08 22:23:47.0765 0220 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/08 22:23:47.0796 0220 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/08 22:23:47.0828 0220 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/02/08 22:23:47.0875 0220 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/08 22:23:47.0921 0220 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/08 22:23:48.0031 0220 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/02/08 22:23:48.0093 0220 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/02/08 22:23:48.0203 0220 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/08 22:23:48.0250 0220 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/08 22:23:48.0281 0220 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/08 22:23:48.0312 0220 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/08 22:23:48.0375 0220 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/02/08 22:23:48.0390 0220 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/02/08 22:23:48.0437 0220 sonyhcb (e78cd3bb53a208dfab8fc826384307e0) C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
2011/02/08 22:23:48.0484 0220 sonyhcs (610f515fcd95d37f3252e1c250ef8c61) C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
2011/02/08 22:23:48.0546 0220 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/02/08 22:23:48.0562 0220 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/02/08 22:23:48.0609 0220 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/08 22:23:48.0625 0220 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/08 22:23:48.0703 0220 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/08 22:23:48.0796 0220 STHDA (0aa91bbe468b3f46072091f18003ecaa) C:\WINDOWS\system32\drivers\sthda.sys
2011/02/08 22:23:48.0859 0220 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/02/08 22:23:48.0890 0220 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/08 22:23:48.0921 0220 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/08 22:23:48.0968 0220 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/02/08 22:23:49.0000 0220 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/02/08 22:23:49.0015 0220 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/02/08 22:23:49.0062 0220 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/02/08 22:23:49.0109 0220 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/08 22:23:49.0187 0220 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/08 22:23:49.0218 0220 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/08 22:23:49.0250 0220 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/08 22:23:49.0296 0220 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/08 22:23:49.0375 0220 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/02/08 22:23:49.0437 0220 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/08 22:23:49.0484 0220 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/02/08 22:23:49.0531 0220 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/08 22:23:49.0625 0220 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/08 22:23:49.0656 0220 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/08 22:23:49.0687 0220 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/08 22:23:49.0734 0220 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/08 22:23:49.0765 0220 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/08 22:23:49.0781 0220 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/08 22:23:49.0812 0220 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/08 22:23:49.0859 0220 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/08 22:23:49.0875 0220 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/08 22:23:49.0906 0220 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/08 22:23:49.0921 0220 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/02/08 22:23:49.0968 0220 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/08 22:23:49.0984 0220 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/08 22:23:50.0031 0220 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/08 22:23:50.0281 0220 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/02/08 22:23:50.0484 0220 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/08 22:23:50.0546 0220 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/02/08 22:23:50.0640 0220 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys
2011/02/08 22:23:50.0671 0220 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/02/08 22:23:50.0718 0220 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/08 22:23:50.0765 0220 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/08 22:23:51.0125 0220 ================================================================================
2011/02/08 22:23:51.0125 0220 Scan finished
2011/02/08 22:23:51.0125 0220 ================================================================================

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:34 AM

Posted 09 February 2011 - 04:06 PM

Now please run Combofix

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#7 susieged

susieged
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 10 February 2011 - 01:38 PM

HI, I just wanted to run this by you. The other computers in my house were having issues with "internet explorer not able to display the webpage". After some researching, I unplugged the rueter and it took care of the problems. It also seems to have stopped my computer from redirecting. Is it possible the virus was in that process and is now resolved? My computer hasn't redirected even once since I "reset" the reuter. I don't want to put you or my computer through any unnecessary trouble. Let me know what you think. Susie

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:34 AM

Posted 10 February 2011 - 02:18 PM

Yes, it's very probable that the router reset has cleared the redirection but there may still be malware on board. However, Combofix is probably not appropriate at this stage. Please run OTL instead

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

Posted Image
m0le is a proud member of UNITE

#9 susieged

susieged
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 10 February 2011 - 05:26 PM

Here are the reports...

OTL logfile created on: 2/10/2011 5:11:02 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.09 Gb Total Space | 71.60 Gb Free Space | 66.85% Space Free | Partition Type: NTFS
Drive D: | 37.02 Gb Total Space | 36.96 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 41.09 Gb Free Space | 8.82% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 92.93 Gb Free Space | 48.93% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 37.80 Gb Free Space | 8.12% Space Free | Partition Type: NTFS

Computer Name: SUSIE | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mom\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )
SRV - (AdobeActiveFileMonitor) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
SRV - (PhotoshopElementsDeviceConnect) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dvd43llh) -- C:\WINDOWS\system32\drivers\dvd43llh.sys (RIF)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (sonyhcs) -- C:\WINDOWS\system32\drivers\sonyhcs.sys (Sony Corporation)
DRV - (sonyhcb) -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys (Sony Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/05/14 21:27:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/09/21 22:56:59 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/24 15:06:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101106111023.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.93/FreeRealmsInstaller.cab?v=1044 (SonyOnlineInstallerX)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.38.34/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:40:05 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:40:05 | 000,000,000 | R--D | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:43:26 | 000,000,000 | R--D | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/24 15:30:50 | 000,000,067 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/10 17:07:33 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/02/10 11:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/02/10 11:08:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/02/10 11:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/02/10 11:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/10 03:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/02/08 22:22:41 | 001,360,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\TDSSKiller.exe
[2011/02/04 11:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\gmer
[2011/01/31 12:34:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mom\My Documents\My Videos
[2011/01/27 19:21:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mom\My Documents\My Pictures
[2011/01/21 09:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/14 23:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\New Folder (3)
[2011/01/12 07:33:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/01/12 07:32:46 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/12 07:16:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/01/12 07:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2006/10/15 15:16:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mom\Application Data\pcouffin.sys
[2006/09/16 14:53:12 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2006/09/05 13:42:34 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/09/05 13:42:34 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/09/05 13:42:34 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/09/05 13:42:34 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/09/05 13:42:34 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/09/05 13:42:34 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2006/09/05 13:42:32 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/09/05 13:42:32 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/09/05 13:42:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/10 17:07:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/02/10 17:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/10 03:26:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/10 03:25:56 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/02/10 03:25:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/10 03:25:30 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 03:25:30 | 000,567,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 03:09:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/09 03:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/08 22:21:42 | 001,246,371 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\tdsskiller.zip
[2011/02/05 12:15:53 | 000,211,456 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/05 10:51:17 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/04 11:57:17 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\gmer.zip
[2011/02/04 11:53:09 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\dds.scr
[2011/02/04 11:50:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Defogger.exe
[2011/02/04 11:15:48 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/01 14:22:10 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Logon.url
[2011/02/01 10:36:00 | 001,360,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\TDSSKiller.exe
[2011/01/26 13:44:05 | 002,359,350 | ---- | M] () -- C:\WINDOWS\wallpaper.bmp
[2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 09:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/12 07:33:47 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/12 07:16:30 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/08 22:21:38 | 001,246,371 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\tdsskiller.zip
[2011/02/04 22:30:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Defogger.exe
[2011/02/04 11:57:15 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\gmer.zip
[2011/02/04 11:53:07 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\dds.scr
[2011/01/12 07:33:47 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/01/12 07:16:30 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/09/08 10:46:03 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/28 22:43:34 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/28 22:43:33 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/28 11:46:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/04/06 19:57:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/16 16:53:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2007/11/04 09:07:06 | 000,000,196 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/10/10 07:06:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/06/09 18:38:09 | 000,002,417 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/01/25 08:25:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/01/18 16:32:10 | 000,000,080 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2006/12/14 16:41:44 | 000,000,572 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/12/07 12:47:40 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\PFP110JPR.{PB
[2006/12/07 12:47:40 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\PFP110JCM.{PB
[2006/12/04 15:42:28 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2006/11/06 13:15:41 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2006/11/06 13:15:41 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2006/11/06 13:05:02 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/10/17 12:45:39 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/15 15:16:50 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.log
[2006/10/15 15:16:44 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\ezpinst.exe
[2006/10/15 15:16:44 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.cat
[2006/10/15 15:16:44 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.inf
[2006/10/08 15:48:22 | 000,002,347 | ---- | C] () -- C:\WINDOWS\vista32d.ini
[2006/09/15 19:49:05 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\dvd.bmk
[2006/09/09 15:30:08 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/09 15:30:08 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\5F564B9C0F.sys
[2006/09/08 14:45:28 | 000,211,456 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/08 12:46:27 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2006/09/05 14:30:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/05 14:22:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/05 14:16:00 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/05 14:11:05 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/05 13:42:34 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/09/05 13:42:34 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/09/05 13:42:34 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/09/05 13:42:34 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/09/05 13:42:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/09/05 13:42:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/09/05 13:42:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/09/05 13:42:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/09/05 13:42:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/09/05 13:42:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/09/05 13:41:46 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 14:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/12/12 21:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2011/02/08 12:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2010/10/19 18:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVDTOIPOD
[2010/09/13 18:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/12/17 19:24:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/15 16:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2010/09/08 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/12/06 21:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2007/08/08 10:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\microgaming
[2007/01/09 15:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/02/08 17:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/12/26 18:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/12/12 20:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/02/09 21:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/15 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2010/08/15 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/05/08 12:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/15 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2007/09/17 09:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/08/15 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/09/22 14:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/26 12:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/13 14:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/02/07 22:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\1clickPro
[2008/05/04 17:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
[2010/09/13 18:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Avery
[2009/06/28 17:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\CopyToDvd
[2010/11/04 17:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\ICAClient
[2008/12/06 21:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Juniper Networks
[2006/09/15 20:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2010/07/21 22:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\log
[2009/06/08 21:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\My Sam's Club Digital Photo Center
[2011/01/17 10:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Sony Online Entertainment
[2008/03/16 16:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Template
[2010/05/04 10:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Unity
[2010/03/08 17:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Vso
[2009/06/08 21:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\W Photo Studio Viewer
[2010/08/15 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WildTangent
[2011/02/10 17:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >
OTL Extras logfile created on: 2/10/2011 5:11:02 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.09 Gb Total Space | 71.60 Gb Free Space | 66.85% Space Free | Partition Type: NTFS
Drive D: | 37.02 Gb Total Space | 36.96 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 41.09 Gb Free Space | 8.82% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 92.93 Gb Free Space | 48.93% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 37.80 Gb Free Space | 8.12% Space Free | Partition Type: NTFS

Computer Name: SUSIE | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- (Microsoft Corporation)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2387D970-F42D-4278-AA40-7B727F9721FC}" = Disney Princess Royal Horse Show
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 22
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5E77082C-5DFC-42EF-9B16-64AD165F6BE2}" = MX vs ATV Unleashed Demo
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{680E5008-CA49-11D6-8940-0002A5E32BEF}" = Disney's Cinderella's Castle Designer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6CCDF4E6-D2AE-4DD8-80FD-F9AFF951AEAE}" = Adobe Premiere Elements 1.0
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{728278A1-0BB7-45E4-AC5E-91D7C0FD1EDE}" = EarthLink setup files
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{851C67EF-068A-4060-9EF5-2E3DDCD68382}" = Adobe Photoshop Elements 3.0
"{86C1A488-24AD-42F0-BCEF-FDB11FC2BEFA}" = NetZero For Riverdeep
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{94721EA3-7EA6-43EA-B99C-A5D0E3C66240}" = 924PLC32
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E42BD75A-FC23-4E3F-9F91-2658334C644F}" = Internet Service Offers Launcher
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"1Click DVD Copy 5_is1" = 1Click DVD Copy 5.5.8.0
"1Click DVD Copy Pro_is1" = 1Click DVD Copy Pro 4.1.7.0
"1Click DVDTOIPOD_is1" = 1Click DVDTOIPOD 1.3.0.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Arthur's Pet Chase" = Arthur's Pet Chase
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"Barbie™ Horse Adventures™" = Barbie™ Horse Adventures™
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"Disney's Toontown Online" = Disney's Toontown Online
"DVD43_is1" = DVD43 v4.6.0
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ESET Online Scanner" = ESET Online Scanner v3
"Google Desktop" = Google Desktop
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"Lexar Media USB Card Reader Driver" = Lexar Media USB Card Reader Driver v2.1g
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSC" = McAfee AntiVirus Plus
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MWASPI" = MicroStaff WINASPI
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"PremElem10" = Adobe Premiere Elements 1.0
"PROR" = Microsoft Office Professional 2007
"PROSet" = Intel® PRO Network Connections Drivers
"RealPlayer 6.0" = RealPlayer Basic
"UnityWebPlayer" = Unity Web Player
"VSO Inspector_is1" = VSO Inspector 2.0.2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"SOE-Clone Wars" = Clone Wars
"SOE-Free Realms" = Free Realms

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2011 4:42:44 PM | Computer Name = SUSIE | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 2/2/2011 4:17:42 PM | Computer Name = SUSIE | Source = Application Hang | ID = 1002
Description = Hanging application Adobe Premiere Elements.exe, version 1.0.0.0,
hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/4/2011 12:25:30 PM | Computer Name = SUSIE | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 2/4/2011 12:34:03 PM | Computer Name = SUSIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/4/2011 7:01:07 PM | Computer Name = SUSIE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x039822c8.

Error - 2/7/2011 12:46:51 AM | Computer Name = SUSIE | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/7/2011 4:50:20 PM | Computer Name = SUSIE | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 2/10/2011 12:02:42 PM | Computer Name = SUSIE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Mail -- The installer has encountered an unexpected
error installing this package. This may indicate a problem with this package. The
error code is 2762. The arguments are: , ,

Error - 2/10/2011 12:02:45 PM | Computer Name = SUSIE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

Error - 2/10/2011 12:02:45 PM | Computer Name = SUSIE | Source = MsiInstaller | ID = 10005
Description = Product: Windows Live Communications Platform -- The installer has
encountered an unexpected error installing this package. This may indicate a problem
with this package. The error code is 2762. The arguments are: , ,

[ OSession Events ]
Error - 12/14/2010 8:26:23 PM | Computer Name = SUSIE | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 33352
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/5/2011 9:08:13 PM | Computer Name = SUSIE | Source = DCOM | ID = 10010
Description = The server {520CCA63-51A5-11D3-9144-00104BA11C5E} did not register
with DCOM within the required timeout.

Error - 2/5/2011 11:32:34 PM | Computer Name = SUSIE | Source = DCOM | ID = 10010
Description = The server {520CCA63-51A5-11D3-9144-00104BA11C5E} did not register
with DCOM within the required timeout.

Error - 2/7/2011 2:31:43 PM | Computer Name = SUSIE | Source = Service Control Manager | ID = 7000
Description = The Compaq S200 Scanner service failed to start due to the following
error: %%2

Error - 2/9/2011 12:09:32 AM | Computer Name = SUSIE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/9/2011 12:09:32 AM | Computer Name = SUSIE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/9/2011 12:09:32 AM | Computer Name = SUSIE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/9/2011 12:09:32 AM | Computer Name = SUSIE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/9/2011 12:09:32 AM | Computer Name = SUSIE | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
again in 15 minutes. The error was: A socket operation was attempted to an unreachable
host. (0x80072751)

Error - 2/9/2011 12:09:32 AM | Computer Name = SUSIE | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 15 minutes. NtpClient has no source of accurate
time.

Error - 2/10/2011 4:26:01 AM | Computer Name = SUSIE | Source = Service Control Manager | ID = 7000
Description = The Compaq S200 Scanner service failed to start due to the following
error: %%2


< End of report >

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:34 AM

Posted 10 February 2011 - 08:04 PM

Before we continue...

The Ask toolbar is not recommended. This toolbar enhances internet browsing and provides a direct link to the "ask.com" search engine. This program is not known to be bundled with spyware - The company strongly denies the toolbar as being malware.

Please read why it might be good to remove it here.

If you choose to remove it then follow the instructions below.

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick (or right-click, if you are using Vista) the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":



ask.com



Additional instructions can be found here if needed.



Next let's make sure the rest of the adware gets removed. Open OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
:files
C:\Program Files\Search Toolbar
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Finally, another scan (as in the earlier post) using OTL and post the new log.
Posted Image
m0le is a proud member of UNITE

#11 susieged

susieged
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 12 February 2011 - 01:05 PM

Hi, I looked for ask.com toolbar in my programs and didn't see it. Is there another way to find it or is it possibly linked with another program under another name???




Here is the first scan I ran, followed by another OTL scan...

OTL logfile created on: 2/12/2011 11:47:04 AM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 63.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.09 Gb Total Space | 71.36 Gb Free Space | 66.64% Space Free | Partition Type: NTFS
Drive D: | 37.02 Gb Total Space | 36.96 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 41.09 Gb Free Space | 8.82% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 92.93 Gb Free Space | 48.93% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 37.80 Gb Free Space | 8.12% Space Free | Partition Type: NTFS

Computer Name: SUSIE | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mom\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )
SRV - (AdobeActiveFileMonitor) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
SRV - (PhotoshopElementsDeviceConnect) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dvd43llh) -- C:\WINDOWS\system32\drivers\dvd43llh.sys (RIF)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (sonyhcs) -- C:\WINDOWS\system32\drivers\sonyhcs.sys (Sony Corporation)
DRV - (sonyhcb) -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys (Sony Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/05/14 21:27:31 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/24 15:06:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101106111023.dll (McAfee, Inc.)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.93/FreeRealmsInstaller.cab?v=1044 (SonyOnlineInstallerX)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.38.34/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:40:05 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:40:05 | 000,000,000 | R--D | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:43:26 | 000,000,000 | R--D | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/24 15:30:50 | 000,000,067 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/11 03:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/02/10 17:07:33 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/02/10 11:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/02/10 11:08:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/02/10 11:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/02/10 11:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/10 03:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/02/08 22:22:41 | 001,360,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\TDSSKiller.exe
[2011/02/04 11:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\gmer
[2011/01/31 12:34:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mom\My Documents\My Videos
[2011/01/27 19:21:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mom\My Documents\My Pictures
[2011/01/21 09:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/14 23:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\New Folder (3)
[2006/10/15 15:16:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mom\Application Data\pcouffin.sys
[2006/09/16 14:53:12 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2006/09/05 13:42:34 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/09/05 13:42:34 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/09/05 13:42:34 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/09/05 13:42:34 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/09/05 13:42:34 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/09/05 13:42:34 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2006/09/05 13:42:32 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/09/05 13:42:32 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/09/05 13:42:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/12 11:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/10 17:07:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/02/10 03:26:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/10 03:25:56 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/02/10 03:25:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/10 03:25:30 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 03:25:30 | 000,567,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 03:09:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/09 03:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/08 22:21:42 | 001,246,371 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\tdsskiller.zip
[2011/02/05 12:15:53 | 000,211,456 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/05 10:51:17 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/04 11:57:17 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\gmer.zip
[2011/02/04 11:53:09 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\dds.scr
[2011/02/04 11:50:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Defogger.exe
[2011/02/04 11:15:48 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/01 14:22:10 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Logon.url
[2011/02/01 10:36:00 | 001,360,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\TDSSKiller.exe
[2011/01/26 13:44:05 | 002,359,350 | ---- | M] () -- C:\WINDOWS\wallpaper.bmp
[2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 09:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/08 22:21:38 | 001,246,371 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\tdsskiller.zip
[2011/02/04 22:30:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Defogger.exe
[2011/02/04 11:57:15 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\gmer.zip
[2011/02/04 11:53:07 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\dds.scr
[2010/09/08 10:46:03 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/28 22:43:34 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/28 22:43:33 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/28 11:46:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/04/06 19:57:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/16 16:53:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2007/11/04 09:07:06 | 000,000,196 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/10/10 07:06:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/06/09 18:38:09 | 000,002,417 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/01/25 08:25:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/01/18 16:32:10 | 000,000,080 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2006/12/14 16:41:44 | 000,000,572 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/12/07 12:47:40 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\PFP110JPR.{PB
[2006/12/07 12:47:40 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\PFP110JCM.{PB
[2006/12/04 15:42:28 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2006/11/06 13:15:41 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2006/11/06 13:15:41 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2006/11/06 13:05:02 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/10/17 12:45:39 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/15 15:16:50 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.log
[2006/10/15 15:16:44 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\ezpinst.exe
[2006/10/15 15:16:44 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.cat
[2006/10/15 15:16:44 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.inf
[2006/10/08 15:48:22 | 000,002,347 | ---- | C] () -- C:\WINDOWS\vista32d.ini
[2006/09/15 19:49:05 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\dvd.bmk
[2006/09/09 15:30:08 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/09 15:30:08 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\5F564B9C0F.sys
[2006/09/08 14:45:28 | 000,211,456 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/08 12:46:27 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2006/09/05 14:30:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/05 14:22:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/05 14:16:00 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/05 14:11:05 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/05 13:42:34 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/09/05 13:42:34 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/09/05 13:42:34 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/09/05 13:42:34 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/09/05 13:42:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/09/05 13:42:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/09/05 13:42:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/09/05 13:42:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/09/05 13:42:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/09/05 13:42:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/09/05 13:41:46 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 14:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< :OTL >

< O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. >

< O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll () >

< O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll () >

< O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll () >

< O4 - HKLM..\Run: [KernelFaultCheck] File not found >

< :files >

< C:\Program Files\Search Toolbar >

< :reg >

< [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command] >

< ""=""%1" %*" >

< >

< End of report >




OTL logfile created on: 2/12/2011 1:00:06 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 62.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.09 Gb Total Space | 71.36 Gb Free Space | 66.64% Space Free | Partition Type: NTFS
Drive D: | 37.02 Gb Total Space | 36.96 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 41.09 Gb Free Space | 8.82% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 92.93 Gb Free Space | 48.93% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 37.80 Gb Free Space | 8.12% Space Free | Partition Type: NTFS

Computer Name: SUSIE | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mom\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )
SRV - (AdobeActiveFileMonitor) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
SRV - (PhotoshopElementsDeviceConnect) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dvd43llh) -- C:\WINDOWS\system32\drivers\dvd43llh.sys (RIF)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (sonyhcs) -- C:\WINDOWS\system32\drivers\sonyhcs.sys (Sony Corporation)
DRV - (sonyhcb) -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys (Sony Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/05/14 21:27:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/09/21 22:56:59 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/24 15:06:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101106111023.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.93/FreeRealmsInstaller.cab?v=1044 (SonyOnlineInstallerX)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.38.34/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:40:05 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:40:05 | 000,000,000 | R--D | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:43:26 | 000,000,000 | R--D | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/24 15:30:50 | 000,000,067 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/11 03:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/02/10 17:07:33 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/02/10 11:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/02/10 11:08:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/02/10 11:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/02/10 11:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/10 03:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/02/08 22:22:41 | 001,360,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\TDSSKiller.exe
[2011/02/04 11:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\gmer
[2011/01/31 12:34:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mom\My Documents\My Videos
[2011/01/27 19:21:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mom\My Documents\My Pictures
[2011/01/21 09:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/14 23:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\New Folder (3)
[2006/10/15 15:16:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mom\Application Data\pcouffin.sys
[2006/09/16 14:53:12 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2006/09/05 13:42:34 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/09/05 13:42:34 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/09/05 13:42:34 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/09/05 13:42:34 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/09/05 13:42:34 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/09/05 13:42:34 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2006/09/05 13:42:32 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/09/05 13:42:32 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/09/05 13:42:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/12 13:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/10 17:07:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/02/10 03:26:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/10 03:25:56 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/02/10 03:25:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/10 03:25:30 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 03:25:30 | 000,567,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 03:09:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/09 03:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/08 22:21:42 | 001,246,371 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\tdsskiller.zip
[2011/02/05 12:15:53 | 000,211,456 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/05 10:51:17 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/04 11:57:17 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\gmer.zip
[2011/02/04 11:53:09 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\dds.scr
[2011/02/04 11:50:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Defogger.exe
[2011/02/04 11:15:48 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/01 14:22:10 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Logon.url
[2011/02/01 10:36:00 | 001,360,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\TDSSKiller.exe
[2011/01/26 13:44:05 | 002,359,350 | ---- | M] () -- C:\WINDOWS\wallpaper.bmp
[2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 09:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/08 22:21:38 | 001,246,371 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\tdsskiller.zip
[2011/02/04 22:30:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Defogger.exe
[2011/02/04 11:57:15 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\gmer.zip
[2011/02/04 11:53:07 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\dds.scr
[2010/09/08 10:46:03 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/28 22:43:34 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/28 22:43:33 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/28 11:46:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/04/06 19:57:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/16 16:53:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2007/11/04 09:07:06 | 000,000,196 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/10/10 07:06:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/06/09 18:38:09 | 000,002,417 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/01/25 08:25:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/01/18 16:32:10 | 000,000,080 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2006/12/14 16:41:44 | 000,000,572 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/12/07 12:47:40 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\PFP110JPR.{PB
[2006/12/07 12:47:40 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\PFP110JCM.{PB
[2006/12/04 15:42:28 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2006/11/06 13:15:41 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2006/11/06 13:15:41 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2006/11/06 13:05:02 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/10/17 12:45:39 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/15 15:16:50 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.log
[2006/10/15 15:16:44 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\ezpinst.exe
[2006/10/15 15:16:44 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.cat
[2006/10/15 15:16:44 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.inf
[2006/10/08 15:48:22 | 000,002,347 | ---- | C] () -- C:\WINDOWS\vista32d.ini
[2006/09/15 19:49:05 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\dvd.bmk
[2006/09/09 15:30:08 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/09 15:30:08 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\5F564B9C0F.sys
[2006/09/08 14:45:28 | 000,211,456 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/08 12:46:27 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2006/09/05 14:30:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/05 14:22:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/05 14:16:00 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/05 14:11:05 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/05 13:42:34 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/09/05 13:42:34 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/09/05 13:42:34 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/09/05 13:42:34 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/09/05 13:42:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/09/05 13:42:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/09/05 13:42:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/09/05 13:42:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/09/05 13:42:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/09/05 13:42:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/09/05 13:41:46 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 14:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/12/12 21:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2011/02/08 12:11:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2010/10/19 18:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVDTOIPOD
[2010/09/13 18:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/12/17 19:24:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/15 16:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2010/09/08 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/12/06 21:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2007/08/08 10:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\microgaming
[2007/01/09 15:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/02/08 17:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/12/26 18:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/12/12 20:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/02/09 21:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/15 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2010/08/15 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/05/08 12:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/15 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2007/09/17 09:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/08/15 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/09/22 14:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/26 12:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/13 14:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/02/07 22:31:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\1clickPro
[2008/05/04 17:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
[2010/09/13 18:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Avery
[2009/06/28 17:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\CopyToDvd
[2010/11/04 17:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\ICAClient
[2008/12/06 21:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Juniper Networks
[2006/09/15 20:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2010/07/21 22:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\log
[2009/06/08 21:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\My Sam's Club Digital Photo Center
[2011/01/17 10:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Sony Online Entertainment
[2008/03/16 16:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Template
[2010/05/04 10:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Unity
[2010/03/08 17:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Vso
[2009/06/08 21:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\W Photo Studio Viewer
[2010/08/15 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WildTangent
[2011/02/12 13:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< >

< End of report >

#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:34 AM

Posted 12 February 2011 - 01:59 PM

You ran a custom scan instead of a custom fix. This is why the script I asked you to run has been printed in a fetching shade of pink.

Please note the box that you should be pasting the OTL script into is Custome Scans/Fixes.

Under the Custom Scans/Fixes box at the bottom


Post that log before we move on to the OTL rescan
Posted Image
m0le is a proud member of UNITE

#13 susieged

susieged
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 13 February 2011 - 04:18 PM

And I was doing so well up until now! Here is the run fix followed by the scan. Sorry about that. Any advice about the ask.com?



========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ deleted successfully.
C:\Program Files\Search Toolbar\SearchToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9D425283-D487-4337-BAB6-AB8354A81457} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}\ not found.
File C:\Program Files\Search Toolbar\SearchToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
========== FILES ==========
C:\Program Files\Search Toolbar folder moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.20.6 log created on 02132011_155958





OTL logfile created on: 2/13/2011 4:03:09 PM - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.09 Gb Total Space | 71.33 Gb Free Space | 66.61% Space Free | Partition Type: NTFS
Drive D: | 37.02 Gb Total Space | 36.96 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 41.09 Gb Free Space | 8.82% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 92.93 Gb Free Space | 48.93% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 37.80 Gb Free Space | 8.12% Space Free | Partition Type: NTFS

Computer Name: SUSIE | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)
PRC - c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mom\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )
SRV - (AdobeActiveFileMonitor) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
SRV - (PhotoshopElementsDeviceConnect) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dvd43llh) -- C:\WINDOWS\system32\drivers\dvd43llh.sys (RIF)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (sonyhcs) -- C:\WINDOWS\system32\drivers\sonyhcs.sys (Sony Corporation)
DRV - (sonyhcb) -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys (Sony Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/05/14 21:27:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/09/21 22:56:59 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/24 15:06:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101106111023.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.93/FreeRealmsInstaller.cab?v=1044 (SonyOnlineInstallerX)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.38.34/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:40:05 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:40:05 | 000,000,000 | R--D | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:43:26 | 000,000,000 | R--D | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/24 15:30:50 | 000,000,067 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/13 15:59:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/12 16:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/02/11 03:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/02/10 17:07:33 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/02/10 11:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/02/10 11:08:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/02/10 11:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/02/10 11:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/08 22:22:41 | 001,360,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\TDSSKiller.exe
[2011/02/04 11:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\gmer
[2011/01/31 12:34:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mom\My Documents\My Videos
[2011/01/27 19:21:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mom\My Documents\My Pictures
[2011/01/21 09:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/14 23:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\New Folder (3)
[2006/10/15 15:16:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mom\Application Data\pcouffin.sys
[2006/09/16 14:53:12 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2006/09/05 13:42:34 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/09/05 13:42:34 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/09/05 13:42:34 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/09/05 13:42:34 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/09/05 13:42:34 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/09/05 13:42:34 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2006/09/05 13:42:32 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/09/05 13:42:32 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/09/05 13:42:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/13 16:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/02/12 16:58:28 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/02/10 17:07:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/02/10 03:26:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/10 03:25:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/10 03:25:30 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 03:25:30 | 000,567,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 03:09:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/09 03:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/08 22:21:42 | 001,246,371 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\tdsskiller.zip
[2011/02/05 12:15:53 | 000,211,456 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/05 10:51:17 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/04 11:57:17 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\gmer.zip
[2011/02/04 11:53:09 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\dds.scr
[2011/02/04 11:50:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Defogger.exe
[2011/02/04 11:15:48 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/01 14:22:10 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Logon.url
[2011/02/01 10:36:00 | 001,360,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\TDSSKiller.exe
[2011/01/26 13:44:05 | 002,359,350 | ---- | M] () -- C:\WINDOWS\wallpaper.bmp
[2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 09:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/08 22:21:38 | 001,246,371 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\tdsskiller.zip
[2011/02/04 22:30:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Defogger.exe
[2011/02/04 11:57:15 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\gmer.zip
[2011/02/04 11:53:07 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\dds.scr
[2010/09/08 10:46:03 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/28 22:43:34 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/28 22:43:33 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/28 11:46:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/04/06 19:57:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/16 16:53:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2007/11/04 09:07:06 | 000,000,196 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/10/10 07:06:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/06/09 18:38:09 | 000,002,417 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/01/25 08:25:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/01/18 16:32:10 | 000,000,080 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2006/12/14 16:41:44 | 000,000,572 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/12/07 12:47:40 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\PFP110JPR.{PB
[2006/12/07 12:47:40 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\PFP110JCM.{PB
[2006/12/04 15:42:28 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2006/11/06 13:15:41 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2006/11/06 13:15:41 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2006/11/06 13:05:02 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/10/17 12:45:39 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/15 15:16:50 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.log
[2006/10/15 15:16:44 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\ezpinst.exe
[2006/10/15 15:16:44 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.cat
[2006/10/15 15:16:44 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.inf
[2006/10/08 15:48:22 | 000,002,347 | ---- | C] () -- C:\WINDOWS\vista32d.ini
[2006/09/15 19:49:05 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\dvd.bmk
[2006/09/09 15:30:08 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/09 15:30:08 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\5F564B9C0F.sys
[2006/09/08 14:45:28 | 000,211,456 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/08 12:46:27 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2006/09/05 14:30:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/05 14:22:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/05 14:16:00 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/05 14:11:05 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/05 13:42:34 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/09/05 13:42:34 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/09/05 13:42:34 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/09/05 13:42:34 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/09/05 13:42:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/09/05 13:42:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/09/05 13:42:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/09/05 13:42:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/09/05 13:42:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/09/05 13:42:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/09/05 13:41:46 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 14:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/12/12 21:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2011/02/13 11:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2010/10/19 18:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVDTOIPOD
[2010/09/13 18:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/12/17 19:24:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/15 16:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2010/09/08 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/12/06 21:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2007/08/08 10:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\microgaming
[2007/01/09 15:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/02/08 17:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/12/26 18:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/12/12 20:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/02/09 21:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/15 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2010/08/15 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/05/08 12:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/15 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2007/09/17 09:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/08/15 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/09/22 14:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/26 12:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/13 14:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/02/12 14:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\1clickPro
[2008/05/04 17:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
[2010/09/13 18:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Avery
[2009/06/28 17:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\CopyToDvd
[2010/11/04 17:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\ICAClient
[2008/12/06 21:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Juniper Networks
[2006/09/15 20:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2010/07/21 22:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\log
[2009/06/08 21:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\My Sam's Club Digital Photo Center
[2011/01/17 10:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Sony Online Entertainment
[2008/03/16 16:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Template
[2010/05/04 10:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Unity
[2010/03/08 17:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Vso
[2009/06/08 21:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\W Photo Studio Viewer
[2010/08/15 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WildTangent
[2011/02/13 16:01:00 | 000,000,230 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



< End of report >

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:08:34 AM

Posted 13 February 2011 - 05:59 PM

We'll remove the Ask folder with OTL so open OTL again

Under the Custom Scans/Fixes box at the bottom, paste in the following

:files
C:\Program Files\Ask.com
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"


Then click the Run Fix button at the top

Let the program run unhindered.

When done it will say "Fix Complete press ok to open the log"
Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Next please rescan using OTL. No script, just a scan :) and post the log.
Posted Image
m0le is a proud member of UNITE

#15 susieged

susieged
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:03:34 AM

Posted 14 February 2011 - 04:04 PM

Here it is...


========== FILES ==========
C:\Program Files\Ask.com folder moved successfully.
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!

OTL by OldTimer - Version 3.2.20.6 log created on 02142011_155606



OTL logfile created on: 2/14/2011 3:57:18 PM - Run 4
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 107.09 Gb Total Space | 71.28 Gb Free Space | 66.56% Space Free | Partition Type: NTFS
Drive D: | 37.02 Gb Total Space | 36.96 Gb Free Space | 99.83% Space Free | Partition Type: NTFS
Drive G: | 465.76 Gb Total Space | 41.09 Gb Free Space | 8.82% Space Free | Partition Type: NTFS
Drive H: | 189.92 Gb Total Space | 92.93 Gb Free Space | 48.93% Space Free | Partition Type: NTFS
Drive J: | 465.76 Gb Total Space | 37.80 Gb Free Space | 8.12% Space Free | Partition Type: NTFS

Computer Name: SUSIE | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Mom\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\dvd43\DVD43_Tray.exe ()
PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
PRC - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe (Seagate LLC)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dlcccoms.exe ( )
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe (InstallShield Software Corporation)
PRC - c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Mom\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll ()
MOD - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SRV - (mfevtp) -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (dlcc_device) -- C:\WINDOWS\System32\dlcccoms.exe ( )
SRV - (AdobeActiveFileMonitor) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe ()
SRV - (PhotoshopElementsDeviceConnect) -- C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe ()


========== Driver Services (SafeList) ==========

DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\WINDOWS\system32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (mfendiskmp) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mfendisk) -- C:\WINDOWS\system32\drivers\mfendisk.sys (McAfee, Inc.)
DRV - (mferkdet) -- C:\WINDOWS\system32\drivers\mferkdet.sys (McAfee, Inc.)
DRV - (mfetdi2k) -- C:\WINDOWS\system32\drivers\mfetdi2k.sys (McAfee, Inc.)
DRV - (cfwids) -- C:\WINDOWS\system32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (dvd43llh) -- C:\WINDOWS\system32\drivers\dvd43llh.sys (RIF)
DRV - (61883) -- C:\WINDOWS\system32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\system32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\system32\drivers\msdv.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (motmodem) -- C:\WINDOWS\system32\drivers\motmodem.sys (Motorola)
DRV - (dsunidrv) -- C:\WINDOWS\system32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (ASCTRM) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (DRVMCDB) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLADResN) -- C:\WINDOWS\system32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DRVNDDM) -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (sonyhcs) -- C:\WINDOWS\system32\drivers\sonyhcs.sys (Sony Corporation)
DRV - (sonyhcb) -- C:\WINDOWS\system32\DRIVERS\sonyhcb.sys (Sony Corporation)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (MASPINT) -- C:\WINDOWS\System32\drivers\MASPINT.SYS (MicroStaff Co.,Ltd.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/05/14 21:27:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/09/21 22:56:59 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/09/24 15:06:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20101106111023.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Dictionary.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\DVD43_Tray.exe ()
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ()
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gamedata/plugins/1.0.3.93/FreeRealmsInstaller.cab?v=1044 (SonyOnlineInstallerX)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterfly.com/downloads/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} http://www.samsphotoclub.com/upload/FujifilmUploadClient.cab (FujifilmUploader Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.38.34/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {EFD1E13D-1CB3-4545-B754-CA410FE7734F} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_2/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 04:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:40:05 | 000,000,000 | R--D | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:40:05 | 000,000,000 | R--D | M] - G:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/22 20:43:26 | 000,000,000 | R--D | M] - H:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2010/09/24 15:30:50 | 000,000,067 | ---- | M] () - J:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/13 15:59:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/12 16:58:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/02/11 03:01:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/02/10 17:07:33 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/02/10 11:10:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/02/10 11:08:54 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2011/02/10 11:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2011/02/10 11:07:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/02/08 22:22:41 | 001,360,472 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\TDSSKiller.exe
[2011/02/04 11:58:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Desktop\gmer
[2011/01/31 12:34:43 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mom\My Documents\My Videos
[2011/01/27 19:21:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Mom\My Documents\My Pictures
[2011/01/21 09:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2006/10/15 15:16:44 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mom\Application Data\pcouffin.sys
[2006/09/16 14:53:12 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\IMPLODE.DLL
[2006/09/05 13:42:34 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccserv.dll
[2006/09/05 13:42:34 | 001,134,592 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccusb1.dll
[2006/09/05 13:42:34 | 000,638,976 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpmui.dll
[2006/09/05 13:42:34 | 000,483,328 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcclmpm.dll
[2006/09/05 13:42:34 | 000,155,648 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccprox.dll
[2006/09/05 13:42:34 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\dlccpplc.dll
[2006/09/05 13:42:32 | 000,774,144 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcchbn3.dll
[2006/09/05 13:42:32 | 000,704,512 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomc.dll
[2006/09/05 13:42:32 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcccomm.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/12 16:58:28 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee AntiVirus Plus.lnk
[2011/02/10 17:07:35 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/02/10 03:26:17 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/02/10 03:25:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/10 03:25:30 | 2137,149,440 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/10 03:25:30 | 000,567,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/10 03:09:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/09 03:14:02 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/02/08 22:21:42 | 001,246,371 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\tdsskiller.zip
[2011/02/05 12:15:53 | 000,211,456 | ---- | M] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/05 10:51:17 | 000,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/02/04 11:57:17 | 000,288,107 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\gmer.zip
[2011/02/04 11:53:09 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\dds.scr
[2011/02/04 11:50:08 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Defogger.exe
[2011/02/04 11:15:48 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2011/02/01 14:22:10 | 000,000,230 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Logon.url
[2011/02/01 10:36:00 | 001,360,472 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Mom\Desktop\TDSSKiller.exe
[2011/01/26 13:44:05 | 002,359,350 | ---- | M] () -- C:\WINDOWS\wallpaper.bmp
[2011/01/21 09:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 09:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/08 22:21:38 | 001,246,371 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\tdsskiller.zip
[2011/02/04 22:30:10 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Defogger.exe
[2011/02/04 11:57:15 | 000,288,107 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\gmer.zip
[2011/02/04 11:53:07 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\dds.scr
[2010/09/08 10:46:03 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/28 22:43:34 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/01/28 22:43:33 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/28 11:46:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/04/06 19:57:59 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/16 16:53:24 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2007/11/04 09:07:06 | 000,000,196 | ---- | C] () -- C:\WINDOWS\disneysy.ini
[2007/10/10 07:06:13 | 000,000,037 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2007/06/09 18:38:09 | 000,002,417 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/01/25 08:25:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/01/18 16:32:10 | 000,000,080 | ---- | C] () -- C:\WINDOWS\CANDYLND.INI
[2006/12/14 16:41:44 | 000,000,572 | ---- | C] () -- C:\WINDOWS\ka.ini
[2006/12/07 12:47:40 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\PFP110JPR.{PB
[2006/12/07 12:47:40 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\PFP110JCM.{PB
[2006/12/04 15:42:28 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2006/11/06 13:15:41 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\WNASPI32.DLL
[2006/11/06 13:15:41 | 000,000,291 | ---- | C] () -- C:\WINDOWS\msfsetup.ini
[2006/11/06 13:05:02 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2006/10/17 12:45:39 | 000,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/10/15 15:16:50 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.log
[2006/10/15 15:16:44 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\ezpinst.exe
[2006/10/15 15:16:44 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.cat
[2006/10/15 15:16:44 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\pcouffin.inf
[2006/10/08 15:48:22 | 000,002,347 | ---- | C] () -- C:\WINDOWS\vista32d.ini
[2006/09/15 19:49:05 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\dvd.bmk
[2006/09/09 15:30:08 | 000,002,516 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/09/09 15:30:08 | 000,000,088 | ---- | C] () -- C:\WINDOWS\System32\5F564B9C0F.sys
[2006/09/08 14:45:28 | 000,211,456 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/09/08 12:46:27 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2006/09/05 14:30:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/05 14:22:59 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/09/05 14:16:00 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/09/05 14:11:05 | 000,712,704 | ---- | C] () -- C:\WINDOWS\System32\DellSystemRestore.dll
[2006/09/05 13:42:34 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2006/09/05 13:42:34 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2006/09/05 13:42:34 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2006/09/05 13:42:34 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2006/09/05 13:42:34 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2006/09/05 13:42:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2006/09/05 13:42:34 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2006/09/05 13:42:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2006/09/05 13:42:32 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2006/09/05 13:42:32 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2006/09/05 13:41:46 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/11/10 08:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/08/16 04:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 04:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/05 14:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/08/02 14:00:16 | 000,000,611 | ---- | C] () -- C:\WINDOWS\System32\dlccplc.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2008/12/12 21:40:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2011/02/13 11:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
[2010/10/19 18:51:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVDTOIPOD
[2010/09/13 18:35:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2010/12/17 19:24:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/08/15 16:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Disney Interactive
[2010/09/08 10:52:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2008/12/06 21:31:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2007/08/08 10:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\microgaming
[2007/01/09 15:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/02/08 17:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2008/12/26 18:25:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/12/12 20:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
[2008/02/09 21:28:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/15 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2010/08/15 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/05/08 12:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/08/15 16:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vivendi Universal Games
[2007/09/17 09:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/08/15 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2010/09/22 14:59:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/26 12:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/05/13 14:38:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/02/12 14:21:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\1clickPro
[2008/05/04 17:53:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
[2010/09/13 18:48:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Avery
[2009/06/28 17:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\CopyToDvd
[2010/11/04 17:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\ICAClient
[2008/12/06 21:31:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Juniper Networks
[2006/09/15 20:45:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2010/07/21 22:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\log
[2009/06/08 21:39:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\My Sam's Club Digital Photo Center
[2011/01/17 10:19:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Sony Online Entertainment
[2008/03/16 16:53:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Template
[2010/05/04 10:23:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Unity
[2010/03/08 17:48:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Vso
[2009/06/08 21:44:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\W Photo Studio Viewer
[2010/08/15 16:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WildTangent

========== Purity Check ==========



< End of report >




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users