
Computer keeps locking up on the web


  • This topic is locked
6 replies to this topic

#1 shyjace

  • Members
  • 2 posts

Posted 28 March 2011 - 12:05 AM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:35:37 AM, on 3/28/2011
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10m_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe
C:\Program Files\Yahoo!\Companion\Installs\cpn0\ytbb.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\ToddandKristi\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/index.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80114
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80114
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LEX 18 Desktop Weather.lnk = C:\Program Files\LEX 18 Desktop Weather\liveonline_3477603.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra 'Tools' menuitem: Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O15 - Trusted Zone: http://*.cinemanow.com
O16 - DPF: PackageCab - http://ak.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/3DVIA_player_installer.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/chuzzle/sis/popcaploader_v10.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} (CPlayFirstDreamChronControl Object) - http://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG10\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11585 bytes

Edited by Budapest, 28 March 2011 - 12:36 AM.
Moved from Vista ~BP



 


#2 myrti

  • Malware Study Hall Admin
  • 33,779 posts

Posted 03 April 2011 - 08:57 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using: what we in particular need to know is version, edition and if it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right-hand corner of the topic you will see a button called Watch Topic. I suggest you click it and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 myrti

  • Malware Study Hall Admin
  • 33,779 posts

Posted 09 April 2011 - 11:17 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.



#4 myrti

  • Malware Study Hall Admin
  • 33,779 posts

Posted 10 April 2011 - 07:29 AM

This topic has been re-opened at the request of the person who originally posted.



#5 shyjace

  • Topic Starter
  • Members
  • 2 posts

Posted 14 April 2011 - 05:53 PM

OTL logfile created on: 4/14/2011 6:32:55 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\ToddandKristi\Documents
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 272.00 Mb Available Physical Memory | 27.00% Memory free
196.00 Gb Paging File | 195.00 Gb Available in Paging File | 99.00% Paging File free
Paging file location(s): c:\pagefile.sys 200000 200000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 116.28 Gb Free Space | 24.97% Space Free | Partition Type: NTFS
Drive D: | 702.31 Mb Total Space | 674.38 Mb Free Space | 96.02% Space Free | Partition Type: UDF

Computer Name: TODDANDKRIST-PC | User Name: ToddandKristi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/09 22:50:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ToddandKristi\Documents\OTL.exe
PRC - [2011/04/02 03:24:21 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe
PRC - [2011/01/21 13:30:36 | 000,025,464 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2011/01/17 16:15:32 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/08/30 08:25:04 | 000,025,976 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/07/27 06:15:50 | 001,573,888 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2009/06/03 21:44:45 | 000,454,656 | ---- | M] () -- C:\Program Files\LEX 18 Desktop Weather\liveonline_3477603.exe
PRC - [2009/03/13 19:56:56 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (SafeList) ==========

MOD - [2011/04/09 22:50:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ToddandKristi\Documents\OTL.exe
MOD - [2011/03/09 16:54:14 | 000,018,176 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2006/11/02 05:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/13 22:28:54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22:28:54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22:28:54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 20:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2006/11/02 08:34:32 | 000,263,272 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2010/10/13 22:28:54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22:28:54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22:28:54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22:28:54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22:28:54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22:28:54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22:28:54 | 000,064,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2010/10/13 22:28:54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22:28:54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/07/27 05:47:30 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/07/27 05:47:10 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/06/18 20:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/11/02 03:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2005/08/17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80114


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local



IE - HKU\S-1-5-21-1548958325-4241760063-1456078224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.peoplepc.com/index.asp
IE - HKU\S-1-5-21-1548958325-4241760063-1456078224-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1548958325-4241760063-1456078224-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKU\S-1-5-21-1548958325-4241760063-1456078224-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1548958325-4241760063-1456078224-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-1548958325-4241760063-1456078224-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1548958325-4241760063-1456078224-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/09 10:30:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/09 10:30:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/04/07 22:07:34 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20110413161137.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0983.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1548958325-4241760063-1456078224-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Users\ToddandKristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LEX 18 Desktop Weather.lnk = C:\Program Files\LEX 18 Desktop Weather\liveonline_3477603.exe ()
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1548958325-4241760063-1456078224-1000\..Trusted Domains: $talisma_url$ ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1548958325-4241760063-1456078224-1000\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1548958325-4241760063-1456078224-1000\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1548958325-4241760063-1456078224-1000\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.shockwave.com/content/chuzzle/sis/popcaploader_v10.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E41BA393-9078-424E-9554-9DB5126F5F4C} http://www.shockwave.com/content/dreamchronicles2/sis/dream2web.1.0.0.13.cab (CPlayFirstDreamChronControl Object)
O16 - DPF: PackageCab http://ak.imgag.com/imgag/cp/install/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\ToddandKristi\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\ToddandKristi\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

MsConfig - StartUpFolder: C:^Users^ToddandKristi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: OpwareSE4 - hkey= - key= - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: YSearchProtection - hkey= - key= - C:\Program Files\Yahoo!\Search Protection\YspService.exe (Yahoo! Inc.)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/04/14 18:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2011/04/12 20:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/04/12 20:00:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/12 16:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/04/10 00:54:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2011/04/10 00:54:21 | 000,000,000 | ---D | C] -- C:\Program Files\AC3Filter
[2011/04/09 22:50:13 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\ToddandKristi\Documents\OTL.exe
[2011/04/09 22:22:38 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2011/04/09 21:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2011/04/09 15:49:30 | 005,591,704 | ---- | C] (Uniblue Systems Ltd ) -- C:\Users\ToddandKristi\Documents\speedupmypc.exe
[2011/04/08 12:02:10 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/04/07 23:55:56 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msflxgrd.ocx
[2011/04/07 23:55:56 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TABCTL32.OCX
[2011/04/07 23:55:56 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2011/04/07 23:55:56 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comdlg32.ocx
[2011/04/07 23:35:35 | 000,000,000 | ---D | C] -- C:\Users\ToddandKristi\AppData\Roaming\PCHC
[2011/04/07 22:00:55 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
[2011/04/07 22:00:48 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
[2011/04/07 22:00:48 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
[2011/04/07 22:00:48 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
[2011/04/07 22:00:48 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfetdi2k.sys
[2011/04/07 22:00:48 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2011/04/07 22:00:48 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
[2011/04/07 22:00:48 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
[2011/04/07 22:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2011/04/07 22:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2011/04/07 22:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2011/04/07 21:39:54 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/04/07 20:09:17 | 000,000,000 | ---D | C] -- C:\Users\ToddandKristi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\att.net
[2011/04/07 20:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\att.net
[2011/04/05 01:57:05 | 000,000,000 | ---D | C] -- C:\Users\ToddandKristi\AppData\Roaming\Motive
[2011/04/04 04:09:33 | 000,000,000 | ---D | C] -- C:\Users\ToddandKristi\AppData\Roaming\Malwarebytes
[2011/04/04 04:09:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/04 04:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/04 04:09:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/04/04 04:09:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/04 04:09:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/04 04:08:42 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\ToddandKristi\Documents\mbam-setup-1.50.1.1100.exe
[2011/04/01 04:12:13 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/01 04:10:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/04/01 04:10:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/04/01 04:10:42 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/03/28 00:15:02 | 000,000,000 | ---D | C] -- C:\Users\ToddandKristi\Documents\backups
[2011/03/27 23:58:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\ToddandKristi\Documents\HijackThis.exe
[2011/03/27 23:21:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/03/27 23:21:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/03/27 23:18:01 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\ToddandKristi\Documents\spybotsd162.exe
[2011/03/23 14:06:37 | 000,000,000 | ---D | C] -- C:\Users\ToddandKristi\AppData\Roaming\AVG
[2011/03/21 16:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/03/21 16:38:48 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/03/21 16:35:54 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/03/21 16:32:58 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/03/17 19:28:56 | 000,000,000 | ---D | C] -- C:\Users\ToddandKristi\AppData\Roaming\Phantasmat_shockwave_ce
[2011/03/17 16:51:51 | 000,000,000 | ---D | C] -- C:\Users\ToddandKristi\AppData\Roaming\Virtual Prophecy
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/14 18:21:22 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/04/14 18:20:02 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/14 18:19:14 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/14 18:19:13 | 000,003,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/14 18:19:11 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/14 18:19:10 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/04/14 18:19:10 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2011/04/14 18:19:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/14 18:19:03 | 1063,231,488 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/12 20:02:04 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/12 19:40:12 | 000,002,231 | ---- | M] () -- C:\Users\ToddandKristi\Desktop\iTunes.lnk
[2011/04/12 16:11:23 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/04/12 16:11:23 | 000,001,854 | ---- | M] () -- C:\Users\ToddandKristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/10 22:54:14 | 150,002,301 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/09 22:50:31 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\ToddandKristi\Documents\OTL.exe
[2011/04/09 22:13:20 | 000,700,944 | ---- | M] () -- C:\Users\ToddandKristi\Documents\Agere_Pci_Soft_Modem__-_Windows_Xp_SP2.zip
[2011/04/09 21:52:06 | 000,000,903 | ---- | M] () -- C:\Users\ToddandKristi\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2011/04/09 17:09:00 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\SystemTweaker.lnk
[2011/04/09 17:08:59 | 000,000,903 | ---- | M] () -- C:\Users\ToddandKristi\Application Data\Microsoft\Internet Explorer\Quick Launch\SystemTweaker.lnk
[2011/04/09 17:04:11 | 000,000,967 | ---- | M] () -- C:\Users\ToddandKristi\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2011/04/09 17:04:11 | 000,000,943 | ---- | M] () -- C:\Users\Public\Desktop\SpeedUpMyPC.lnk
[2011/04/09 16:09:04 | 005,591,704 | ---- | M] (Uniblue Systems Ltd ) -- C:\Users\ToddandKristi\Documents\speedupmypc.exe
[2011/04/07 23:49:46 | 000,259,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/07 20:29:21 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\AT&T Service & Support Tool.lnk
[2011/04/07 20:09:24 | 000,000,158 | ---- | M] () -- C:\Users\ToddandKristi\Desktop\AT&T Internet.url
[2011/04/07 20:09:21 | 000,000,160 | ---- | M] () -- C:\Users\ToddandKristi\Desktop\AT&T Webmail.url
[2011/04/04 04:09:22 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/04 04:08:50 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\ToddandKristi\Documents\mbam-setup-1.50.1.1100.exe
[2011/03/30 07:05:46 | 000,618,410 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/30 07:05:46 | 000,103,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/27 23:58:45 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\ToddandKristi\Documents\HijackThis.exe
[2011/03/27 23:18:35 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\ToddandKristi\Documents\spybotsd162.exe
[2011/03/27 23:14:20 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/21 16:39:02 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/03/19 05:38:38 | 000,384,072 | ---- | M] () -- C:\Users\ToddandKristi\Documents\ATT_SST.exe
[2011/03/17 19:27:19 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Phantasmat - Collector's Edition.lnk
[2011/03/17 18:07:33 | 000,001,160 | ---- | M] () -- C:\Users\Public\Desktop\Enlightenus II - The Timeless Tower.lnk
[2011/03/17 16:34:32 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Mishap 2 - An Intentional Haunting.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/12 20:02:04 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/04/12 16:25:44 | 000,002,231 | ---- | C] () -- C:\Users\ToddandKristi\Desktop\iTunes.lnk
[2011/04/12 16:11:23 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/04/12 16:11:23 | 000,001,854 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk
[2011/04/12 16:11:23 | 000,001,854 | ---- | C] () -- C:\Users\ToddandKristi\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/10 00:54:21 | 000,497,664 | ---- | C] () -- C:\Windows\System32\ac3filter.acm
[2011/04/09 22:22:00 | 000,700,944 | ---- | C] () -- C:\Users\ToddandKristi\Documents\Agere_Pci_Soft_Modem__-_Windows_Xp_SP2.zip
[2011/04/09 21:52:11 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2011/04/09 21:52:06 | 000,000,903 | ---- | C] () -- C:\Users\ToddandKristi\Application Data\Microsoft\Internet Explorer\Quick Launch\DriverScanner.lnk
[2011/04/09 17:09:00 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\SystemTweaker.lnk
[2011/04/09 17:08:59 | 000,000,903 | ---- | C] () -- C:\Users\ToddandKristi\Application Data\Microsoft\Internet Explorer\Quick Launch\SystemTweaker.lnk
[2011/04/09 17:04:11 | 000,000,943 | ---- | C] () --
[2011/04/09 17:02:28 | 000,000,967 | ---- | C] () -- C:\Users\ToddandKristi\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2011/04/07 22:02:32 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2011/04/07 20:29:21 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\AT&T Service & Support Tool.lnk
[2011/04/07 20:09:24 | 000,000,158 | ---- | C] () -- C:\Users\ToddandKristi\Desktop\AT&T Internet.url
[2011/04/07 20:09:21 | 000,000,160 | ---- | C] () -- C:\Users\ToddandKristi\Desktop\AT&T Webmail.url
[2011/04/04 04:09:22 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/27 23:14:20 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/21 16:39:02 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/03/19 05:38:23 | 000,384,072 | ---- | C] () -- C:\Users\ToddandKristi\Documents\ATT_SST.exe
[2011/03/17 18:07:33 | 000,001,160 | ---- | C] () -- C:\Users\Public\Desktop\Enlightenus II - The Timeless Tower.lnk
[2011/03/17 16:34:32 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Mishap 2 - An Intentional Haunting.lnk
[2011/03/17 15:50:48 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Phantasmat - Collector's Edition.lnk
[2011/02/25 00:22:09 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/02/25 00:22:09 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/13 03:19:47 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/03/31 23:13:15 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009/11/21 22:45:45 | 000,000,004 | ---- | C] () -- C:\Users\ToddandKristi\AppData\Roaming\9b32o59zodmpyrhngldhvjjkeycc9b32o59zodmpyrhngldhvjjkeycc9b32o
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/03 21:44:45 | 000,061,440 | ---- | C] () -- C:\Windows\uninstall.exe
[2009/05/15 21:20:53 | 000,000,019 | ---- | C] () -- C:\Windows\info9.ini
[2009/05/15 21:20:53 | 000,000,019 | ---- | C] () -- C:\Windows\info7.ini
[2009/05/15 21:20:53 | 000,000,019 | ---- | C] () -- C:\Windows\info4.ini
[2009/05/15 21:20:53 | 000,000,019 | ---- | C] () -- C:\Windows\info10.ini
[2008/11/10 02:41:46 | 000,022,016 | ---- | C] () -- C:\Users\ToddandKristi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/11/10 00:14:12 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,259,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,618,410 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,103,818 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 03:22:43 | 000,099,999 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006/11/02 03:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2009/03/13 19:56:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\explorer.exe
[2009/03/13 19:56:56 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009/03/13 19:56:55 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009/03/13 19:56:55 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/03/13 19:56:55 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe

< MD5 for: WININIT.EXE >
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\System32\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\System32\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:7BA612D4
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:03D3B5A1
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:E1EA0D54
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:B50D6904
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:C29D499C
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:73C62494
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:6CC6B34B
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:22B9F101
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:1C5767C5
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:D10C367B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:B5127BA3
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:442EBDC5
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:0C35B70E
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:B1F0782B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A64D6A28
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:026B49DD
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9FE680BC
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:DD042F8C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1CD3D34
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:76B3F064
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4EE11243
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:18997511
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:E0A051AD
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:6B15C5BC
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:8316AC6D
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:54C6AC6C
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:2ED35895
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:ED8E5EE6
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:02387389
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:25990C16
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:A2C903BC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:2520CFF2
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:17C9C8F9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:7780AA19
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:3DB0B938
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:2B340BD5
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:975EC777
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:67ED88CE

< End of report >
OTL Extras logfile created on: 4/9/2011 10:58:06 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\ToddandKristi\Documents
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.17037)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,013.00 Mb Total Physical Memory | 192.00 Mb Available Physical Memory | 19.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 1519 1519 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 294.80 Gb Free Space | 63.30% Space Free | Partition Type: NTFS

Computer Name: TODDANDKRIST-PC | User Name: ToddandKristi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1548958325-4241760063-1456078224-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1FD4B333-11E2-4DAD-B2F0-0E025EC6A932}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{39D446AE-20FF-425C-A47E-2607B4716327}" = rport=137 | protocol=17 | dir=out | app=system |
"{3BB57300-46AD-4B4C-BA19-3D9EFB5A95B3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{3D6B8E71-703C-4A14-A3B0-2766EEA4C25D}" = lport=10243 | protocol=6 | dir=in | app=system |
"{6AD9202C-68B9-4E46-B6F3-2068F2F1D841}" = lport=2869 | protocol=6 | dir=in | app=system |
"{72B7CD28-D06F-411F-A7DA-D95862D7AA4C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8488297C-CB27-4F61-B452-238BA7BCC83C}" = lport=138 | protocol=17 | dir=in | app=system |
"{8B953E54-B71B-46D2-A85D-854587B36C60}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8D80DDBF-A3CC-4718-B826-8B656C4590C2}" = rport=138 | protocol=17 | dir=out | app=system |
"{A03D63D8-9CDB-4E6F-A17F-1E0581476261}" = lport=137 | protocol=17 | dir=in | app=system |
"{B43CCB97-CD9C-490A-9E97-2402F824FD2F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{BE7FFFAD-FB49-4F8A-9ED7-4AA4EA2AD555}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C2B4199E-0B3E-4032-A829-A760D068F486}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CDA12789-C8C2-485F-A731-F2E58FCA54F1}" = lport=139 | protocol=6 | dir=in | app=system |
"{D59AF9D4-2EA2-4B77-9F97-B746ECF64269}" = lport=445 | protocol=6 | dir=in | app=system |
"{E59723DB-A4FA-4C07-803F-909B4B53E512}" = rport=445 | protocol=6 | dir=out | app=system |
"{E75253A2-499A-4CDC-AFFC-3EB912FEC8F6}" = rport=139 | protocol=6 | dir=out | app=system |
"{E94930D9-43A8-4807-B52A-1461DDCA4983}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA652BBE-6519-4C55-B46A-B5904AAE8991}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006B7F69-F0AC-49C4-9C7F-1A00BFC72128}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{07523646-832D-4E55-AFF9-3FCBCD869256}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0C8AD7AA-E1E8-4421-8CCA-642606047AB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0F443421-B312-479E-8F2C-26FECC7A88DD}" = protocol=6 | dir=out | app=system |
"{1AE0AC9E-2EA2-4574-81C6-0A649BA084A2}" = protocol=6 | dir=in | app=c:\program files\shockwave.com\midnight mysteries - salem witch trials\midnight mysteries - salem witch trials.exe |
"{29714AE8-1B2D-4B73-9566-F94A8591CA20}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{29C4F123-A237-41A4-8263-F875C5413A85}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{2C0B38ED-5092-4C9E-A05B-F5B8B657F1C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{310A77FB-19EB-481E-8676-2652341B6E7A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{37748A3A-CC70-4ED7-99CF-29F3AE8BFE00}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{4117A7AC-C94E-4EC7-B17B-2DA39AE35D64}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4F44FAEE-5CE6-4A5A-A32C-E980E77E4DD0}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{50DF05CD-1C5E-4D46-88BA-F067180A5CD1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6771B055-F628-4DCE-B2FA-FE7A50149592}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{74BDF02A-34E3-4BB9-8A8D-ACB138A59DD4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{774E8AD5-3964-41F9-8D33-D04FB072B50F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8036DA1F-BA7A-4B40-AD6A-533BFC92089C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{96FC8E8D-BA4B-44BC-8602-883CF67BE154}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9A563B5F-A5F8-4754-9103-2CBE9E4B1DEA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{AA02ACA0-8864-41DC-AEC3-F08F6EDA73AF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B02CA794-A002-4CC6-A5BE-F97E7C6C2A90}" = protocol=17 | dir=in | app=c:\program files\shockwave.com\azada\azada.exe |
"{BDBE7B05-B0A7-4103-B664-AE848327CC9F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{C9D3EDC1-F6AE-4149-807E-9162717B0078}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{CF39113E-791E-4848-8BEA-4449EE6AE5B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D9AB9CE9-5BED-4BFF-8776-A55621AC310C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DE5CF353-1FAC-4FF4-B2AE-8E2F52866993}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DF53DA9C-C8AC-4BB3-86BF-306C59322076}" = protocol=6 | dir=in | app=c:\program files\shockwave.com\azada\azada.exe |
"{E55447E4-D816-4473-9530-FFCA75473D15}" = protocol=17 | dir=in | app=c:\program files\shockwave.com\midnight mysteries - salem witch trials\midnight mysteries - salem witch trials.exe |
"{E7EA3341-B967-4387-A724-F4F83EA3393B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E9EC4A65-9325-40B3-923E-90BCD6EFE545}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{EE67483B-E439-47AA-95A4-44103975D07C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1AB373E-B02A-4235-8B54-B3DB9AB4D18C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F34869F5-A616-47FD-BEEA-016799401946}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{1BF5E5A4-1CBB-48AB-A8CB-7CF0958F4AAD}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B8E3BA4B-4CE2-441F-806A-F83BAC67A5D2}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java™ 6 Update 24
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3CA23CAC-A4CA-3FA8-C306-561E56C882A7}" = Adobe Photoshop Express Uploader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 4.1
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6710FE30-27F7-492B-A660-D31D4A898A43}" = MSN Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DBB1F4ED-3212-4F58-A427-9C01DE4A24A5}_is1" = Uniblue SystemTweaker
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E55B3271-7CA8-4D0C-AE06-69A24856E996}_is1" = Uniblue SpeedUpMyPC
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"A Gypsy's Tale: The Tower of Secrets" = A Gypsy's Tale: The Tower of Secrets
"A Magnetic Adventure" = A Magnetic Adventure
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Alt Shift" = Alt Shift
"ATT-PRT22" = ATT-PRT22
"ATT-SST" = AT&T Service & Support Tool
"Awakening: The Dreamless Castle" = Awakening: The Dreamless Castle
"Azada" = Azada
"Azada: Ancient Magic" = Azada: Ancient Magic
"Blood Oath" = Blood Oath
"Blue Madonna: A Carol Reed Mystery" = Blue Madonna: A Carol Reed Mystery
"Blue Toad Murder Files™: The Mysteries of Little Riddle" = Blue Toad Murder Files™: The Mysteries of Little Riddle
"Build-a-lot 2: Town of the Year" = Build-a-lot 2: Town of the Year
"Campfire Legends - The Babysitter" = Campfire Legends - The Babysitter
"Canon MP160 User Registration" = Canon MP160 User Registration
"CanonMyPrinter" = Canon My Printer
"cayahooantispy" = CA Yahoo! Anti-Spy (remove only)
"Chuzzle Deluxe™" = Chuzzle Deluxe™
"Chuzzle™ Christmas Edition" = Chuzzle™ Christmas Edition
"Column of the Maya" = Column of the Maya
"com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1" = Adobe Photoshop Express Uploader
"Cosmic Stacker" = Cosmic Stacker
"Dark Tales: Edgar Allan Poe's Murders in the Rue Morgue" = Dark Tales: Edgar Allan Poe's Murders in the Rue Morgue
"Deadtime Stories" = Deadtime Stories
"DivX Setup.divx.com" = DivX Setup
"Drawn: The Painted Tower™" = Drawn: The Painted Tower™
"Dream Chronicles®: The Book of Air™" = Dream Chronicles®: The Book of Air™
"Dream Chronicles™" = Dream Chronicles™
"Dream Chronicles™ 2: The Eternal Maze" = Dream Chronicles™ 2: The Eternal Maze
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Enlightenus II: The Timeless Tower" = Enlightenus II: The Timeless Tower
"Escape from Frankenstein's Castle" = Escape from Frankenstein's Castle
"Eternity" = Eternity
"Fiction Fixers - Adventures in Wonderland Premium Edition" = Fiction Fixers - Adventures in Wonderland Premium Edition
"Fiction Fixers - The Curse of Oz" = Fiction Fixers - The Curse of Oz
"Flux Family Secrets - The Ripple Effect" = Flux Family Secrets - The Ripple Effect
"Flyonoid" = Flyonoid
"Forgotten Places - Lost Circus" = Forgotten Places - Lost Circus
"Forgotten Riddles - The Mayan Princess" = Forgotten Riddles - The Mayan Princess
"Ghost Town Mysteries™ - Bodie" = Ghost Town Mysteries™ - Bodie
"Google Chrome" = Google Chrome
"Habitrail Hamsterball" = Habitrail Hamsterball
"Hamlet, or the last game without MMORPG features, shaders, and product placement" = Hamlet, or the last game without MMORPG features, shaders, and product placement
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"House M.D." = House M.D.
"Icy Spell" = Icy Spell
"Kiss Me!" = Kiss Me!
"Letters from Nowhere" = Letters from Nowhere
"LEX 18 Desktop Weather" = LEX 18 Desktop Weather
"Lost in the City" = Lost in the City
"LUXOR 5th Passage" = LUXOR 5th Passage
"LUXOR Adventures" = LUXOR Adventures
"Magic Encyclopedia: First Story" = Magic Encyclopedia: First Story
"Magic Encyclopedia: Illusions" = Magic Encyclopedia: Illusions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Midnight Mysteries: The Edgar Allan Poe Conspiracy" = Midnight Mysteries: The Edgar Allan Poe Conspiracy
"Mishap 2: An Intentional Haunting" = Mishap 2: An Intentional Haunting
"MP Navigator 3.0" = Canon MP Navigator 3.0
"MSC" = McAfee SecurityCenter
"Mystery Age - The Imperial Staff" = Mystery Age - The Imperial Staff
"Mystery Case Files: Madame Fate®" = Mystery Case Files: Madame Fate®
"Mystery Case Files: Ravenhearst®" = Mystery Case Files: Ravenhearst®
"Mystery Case Files®: Dire Grove™" = Mystery Case Files®: Dire Grove™
"Mystery Legends™: Sleepy Hollow" = Mystery Legends™: Sleepy Hollow
"Mystery of Mortlake Mansion™" = Mystery of Mortlake Mansion™
"Nancy Drew®: The Haunting of Castle Malloy" = Nancy Drew®: The Haunting of Castle Malloy
"Nat Geo Games©: Mystery of Cleopatra" = Nat Geo Games©: Mystery of Cleopatra
"New LEGO Digital Designer" = LEGO Digital Designer
"Nick Chase and the Deadly Diamond" = Nick Chase and the Deadly Diamond
"Nick Pals: Can I Keep 'Em?" = Nick Pals: Can I Keep 'Em?
"Nightfall Mysteries 2: Asylum Conspiracy" = Nightfall Mysteries 2: Asylum Conspiracy
"Nightfall Mysteries: Curse of the Opera" = Nightfall Mysteries: Curse of the Opera
"NSS" = Norton Security Scan
"Pahelika: Secret Legends" = Pahelika: Secret Legends
"Phantasmat - Collector's Edition" = Phantasmat - Collector's Edition
"Plants vs. Zombies™" = Plants vs. Zombies™
"PuppetShow: Mystery of Joyville™" = PuppetShow: Mystery of Joyville™
"Rhianna Ford and the Da Vinci Letter" = Rhianna Ford and the Da Vinci Letter
"Samantha Swift and the Fountains of Fate" = Samantha Swift and the Fountains of Fate
"Samantha Swift and the Mystery from Atlantis" = Samantha Swift and the Mystery from Atlantis
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"Sherlock Holmes and the Hound of the Baskervilles" = Sherlock Holmes and the Hound of the Baskervilles
"Slingo Quest Egypt" = Slingo Quest Egypt
"SpongeBob SquarePants 3-D" = SpongeBob SquarePants 3-D
"SpongeBob SquarePants Diner Dash" = SpongeBob SquarePants Diner Dash
"Sprill and Ritchie: Adventures in Time" = Sprill and Ritchie: Adventures in Time
"Strange Cases: The Tarot Card Mystery" = Strange Cases: The Tarot Card Mystery
"Super Smasher" = Super Smasher
"SyncCell" = SyncCell 3.0
"Tamara the 13th" = Tamara the 13th
"The Clockwork Man - The Hidden World Premium Edition" = The Clockwork Man - The Hidden World Premium Edition
"The Dark Hills of Cherai" = The Dark Hills of Cherai
"The Fairly OddParents - Timmy's Roach Rampage" = The Fairly OddParents - Timmy's Roach Rampage
"The Institute: A Becky Brogan Adventure" = The Institute: A Becky Brogan Adventure
"The Magician's Handbook II: BlackLore" = The Magician's Handbook II: BlackLore
"The Mysterious Case of Dr. Jekyll and Mr. Hyde" = The Mysterious Case of Dr. Jekyll and Mr. Hyde
"The Sultan's Labyrinth: A Royal Sacrifice" = The Sultan's Labyrinth: A Royal Sacrifice
"The Treasures of Mystery Island 2: The Gates of Fate" = The Treasures of Mystery Island 2: The Gates of Fate
"Trinklit Supreme" = Trinklit Supreme
"Twisted Lands: Shadow Town" = Twisted Lands: Shadow Town
"UnityWebPlayer" = Unity Web Player (All users)
"Unlikely Suspects" = Unlikely Suspects
"Word Search Deluxe" = Word Search Deluxe
"World Mosaics 3 - Fairy Tales" = World Mosaics 3 - Fairy Tales
"Xvid_is1" = Xvid 1.2.1 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Mail" = att.net Internet Mail
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1548958325-4241760063-1456078224-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for ToddandKristi
"UnityWebPlayer" = Unity Web Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/9/2011 3:32:29 AM | Computer Name = ToddandKrist-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 8767

Error - 4/9/2011 3:32:30 AM | Computer Name = ToddandKrist-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/9/2011 3:32:30 AM | Computer Name = ToddandKrist-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9766

Error - 4/9/2011 3:32:30 AM | Computer Name = ToddandKrist-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9766

Error - 4/9/2011 10:33:29 PM | Computer Name = ToddandKrist-PC | Source = Perflib | ID = 1008
Description =

Error - 4/9/2011 10:33:30 PM | Computer Name = ToddandKrist-PC | Source = Perflib | ID = 1010
Description =

Error - 4/9/2011 10:33:31 PM | Computer Name = ToddandKrist-PC | Source = Perflib | ID = 1008
Description =

Error - 4/9/2011 10:33:40 PM | Computer Name = ToddandKrist-PC | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 4/9/2011 10:36:01 PM | Computer Name = ToddandKrist-PC | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

Error - 4/9/2011 10:41:46 PM | Computer Name = ToddandKrist-PC | Source = usbperf | ID = 2004
Description = Usbperf data collection failed. Collect function called with usupported
Query Type.

[ Media Center Events ]
Error - 7/21/2009 7:30:01 PM | Computer Name = ToddandKrist-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/19/2009 5:47:40 PM | Computer Name = ToddandKrist-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/24/2009 11:36:04 PM | Computer Name = ToddandKrist-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/3/2009 4:08:37 AM | Computer Name = ToddandKrist-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/15/2009 5:43:14 PM | Computer Name = ToddandKrist-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/3/2009 10:49:06 PM | Computer Name = ToddandKrist-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/5/2009 6:49:44 PM | Computer Name = ToddandKrist-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/16/2010 2:47:18 AM | Computer Name = ToddandKrist-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 11/1/2010 9:30:10 PM | Computer Name = ToddandKrist-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 2/1/2011 3:05:34 PM | Computer Name = ToddandKrist-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 4/9/2011 6:51:41 PM | Computer Name = ToddandKrist-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/9/2011 6:51:41 PM | Computer Name = ToddandKrist-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/9/2011 6:51:41 PM | Computer Name = ToddandKrist-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/9/2011 6:51:41 PM | Computer Name = ToddandKrist-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/9/2011 6:51:41 PM | Computer Name = ToddandKrist-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/9/2011 6:51:41 PM | Computer Name = ToddandKrist-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/9/2011 6:51:41 PM | Computer Name = ToddandKrist-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/9/2011 6:51:41 PM | Computer Name = ToddandKrist-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/9/2011 6:51:41 PM | Computer Name = ToddandKrist-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =

Error - 4/9/2011 6:51:41 PM | Computer Name = ToddandKrist-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =


< End of report >

#6 myrti

Posted 19 April 2011 - 06:20 AM

Hi,

please run a scan with Rootkit Unhooker next:
Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.
  • Double-click on RKUnhookerLE.exe to start the program. Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#7 myrti

Posted 01 May 2011 - 08:24 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
