
jkal

Honorary Members
  • Posts

    74

Everything posted by jkal

  1. Although I believe I followed your directions, I suspect I've done something wrong as the Dump Folder is empty. Right clicking brought up a dropdown where OPEN was the only logical option. Doing so immediately created the folder with nothing in it. Thanks, JK
  2. Thanks - Will be away from home PC for a day or two - will get to it when I return. Also - Is there a better way to completely remove all traces of McAfee as I thought I removed it years ago? jk
  3. Thanks so much - Here you go: Jk attach.txt dds.txt protection-log-2013-03-01.zip protection-log-2013-03-02.zip mbam-log-2013-03-01 (23-00-13).zip mbam-log-2013-03-02 (23-00-12).zip CheckResults.txt dds.txt attach.txt
  4. I have a scheduled daily full scan and, within the last two days, came home to find that my pc has rebooted. Nothing appears in the log and MSE doesn't reflect anything either. Windows displays a message: "Your PC has recovered from a serious error" A Quick Scan runs fine and when rebooting in Safe Mode, a full MWB scan runs fine - with no issues found. Thanks in advance for any guidance. jk
  5. Sorry - I've been away. Finally back - just in time for a blizzard to hit!!!! It turns out that it was the internet service provider that was having problems - though they initially swore that wasn't so. Everything is fine, coming up clean and with lightning speed. Thanks so much for your guidance. J
  6. Results of screen317's Security Check version 0.99.8 Windows XP Service Pack 3 Internet Explorer 7 Out of date! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! McAfee Virtual Technician Microsoft Security Essentials ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Java 6 Update 23 Adobe Flash Player 10.0.45.2 Adobe Reader 8.1.2 Adobe Reader 8.1.2 Security Update 1 (KB403742) Out of date Adobe Reader installed! Mozilla Firefox (3.6.6) ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Microsoft Security Client Antimalware MsMpEng.exe ``````````End of Log````````````
  7. OTL logfile created on: 1/26/2011 8:12:38 AM - Run 1 OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Jim\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free 9.00 Gb Paging File | 8.00 Gb Available in Paging File | 92.00% Paging File free Paging file location(s): C:\pagefile.sys 5373 5373 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298.08 Gb Total Space | 114.49 Gb Free Space | 38.41% Space Free | Partition Type: NTFS Drive F: | 298.08 Gb Total Space | 17.58 Gb Free Space | 5.90% Space Free | Partition Type: NTFS Computer Name: JIM-1 | User Name: Jim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/01/26 08:12:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe PRC - [2011/01/16 17:01:36 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE PRC - [2011/01/12 15:39:33 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2010/11/17 05:40:10 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files\Steam\steam.exe PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2010/09/27 09:34:44 | 002,512,896 | ---- | M] (RescueTime, Inc.) 
-- C:\Program Files\RescueTime\RescueTime.exe PRC - [2010/07/12 19:17:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2009/11/19 10:26:54 | 000,455,944 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe PRC - [2008/04/24 13:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe PRC - [2007/10/11 08:45:56 | 000,051,712 | ---- | M] (ArcSoft) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe PRC - [2007/03/28 20:41:26 | 002,037,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProTray.exe PRC - [2007/03/28 20:41:24 | 003,290,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe ========== Modules (SafeList) ========== MOD - [2011/01/26 08:12:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe MOD - [2011/01/12 15:40:23 | 000,040,448 | ---- | M] (RealNetworks, Inc.) 
-- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll MOD - [2008/07/29 08:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll MOD - [2008/04/13 18:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll MOD - [2007/04/19 14:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- -- (HidServ) SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt) SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2009/11/19 10:26:54 | 000,455,944 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service) SRV - [2009/07/26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009/05/04 14:47:42 | 000,267,760 | ---- | M] (Turbine, Inc.) [On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe -- (LiveTurbineMessageService) SRV - [2009/05/04 14:47:42 | 000,218,608 | ---- | M] (Turbine, Inc.) 
[On_Demand | Stopped] -- C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe -- (LiveTurbineNetworkService) SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) SRV - [2008/04/04 11:10:26 | 000,030,152 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Service) SRV - [2008/01/29 16:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist) SRV - [2007/10/11 08:45:56 | 000,051,712 | ---- | M] (ArcSoft) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2007/09/12 18:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate) SRV - [2007/09/12 18:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler) SRV - [2007/03/28 20:41:24 | 003,290,728 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe -- (Norton Ghost) SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) ========== Driver Services (SafeList) ========== DRV - [2011/01/26 07:52:31 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4E055F12-9281-49E3-9902-34D22BFE5D2F}\MpKslf3132c93.sys -- (MpKslf3132c93) DRV - [2010/06/02 09:15:57 | 000,067,656 | ---- | M] 
(SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/03/11 22:57:20 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV) DRV - [2010/03/11 22:57:20 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2010/01/11 22:03:33 | 010,276,768 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk) DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk) DRV - [2009/07/13 05:18:16 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009/07/13 05:18:15 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009/06/30 08:37:16 | 000,028,552 | ---- | M] (Panda Security, S.L.) 
[File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pavboot.sys -- (pavboot) DRV - [2008/04/13 12:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE) DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus) DRV - [2008/03/01 11:59:12 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2007/10/01 16:24:36 | 000,023,864 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sskbfd.sys -- (SSKBFD) DRV - [2007/08/07 03:40:38 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2007/07/18 05:26:04 | 004,547,584 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007/03/28 20:49:42 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr) DRV - [2007/03/28 20:29:12 | 000,131,944 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symsnap.sys -- (symsnap) DRV - [2007/03/28 20:29:10 | 000,037,864 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount) DRV - [2007/03/28 20:23:50 | 000,014,072 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor) DRV - [2006/12/12 10:16:06 | 000,022,528 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emAudio.sys -- (emAudio) DRV - [2006/09/24 07:28:46 | 000,005,248 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan) DRV - [2005/12/21 08:14:52 | 000,100,957 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA) DRV - [2005/12/21 08:14:52 | 000,005,245 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emFilter.sys -- (FiltUSBEMPIA) DRV - [2005/12/21 08:14:52 | 000,004,493 | ---- | M] (eMPIA Technology, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA) DRV - [2005/08/10 06:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x) DRV - [2005/05/16 07:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x) DRV - [2005/05/02 21:15:50 | 000,036,484 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SMBios.sys -- (SMBios) Intel ® DRV - [2004/11/29 12:14:30 | 000,019,648 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x) DRV - [2003/09/19 15:45:48 | 000,021,248 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [1996/04/03 13:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-21-1935655697-602162358-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKU\S-1-5-21-1935655697-602162358-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1935655697-602162358-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {C4211278-C4BC-42CA-B51E-5003A82EBDD4}:1.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Firefox\Extensions\\{C4211278-C4BC-42CA-B51E-5003A82EBDD4}: C:\Documents and Settings\Jim\Local Settings\Application Data\{C4211278-C4BC-42CA-B51E-5003A82EBDD4} [2010/12/22 16:09:12 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/01/12 15:40:24 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/25 18:24:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/12 15:40:36 | 000,000,000 | ---D | M] [2010/03/27 14:09:52 | 000,000,000 | ---D | M] (No name found) -- 
C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions [2008/10/13 17:05:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions\home2@tomtom.com [2010/12/28 18:25:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\uckq9agm.default\extensions [2010/07/28 11:00:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\uckq9agm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/01/01 21:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/04/19 19:50:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/09/04 12:50:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/11/10 20:10:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011/01/01 21:00:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011/01/12 15:40:24 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT [2009/11/08 00:09:49 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\JIM\APPLICATION DATA\MOVE NETWORKS [2010/12/22 16:09:12 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\JIM\LOCAL SETTINGS\APPLICATION DATA\{C4211278-C4BC-42CA-B51E-5003A82EBDD4} [2010/09/04 12:50:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2010/12/15 20:16:07 | 000,000,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKU\S-1-5-21-1935655697-602162358-839522115-1004\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.) 
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [Norton Ghost 12.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [uSB2Check] C:\WINDOWS\System32\PCLECoInst.dll (Pinnacle Systems) O4 - HKU\S-1-5-21-1935655697-602162358-839522115-1004..\Run: [steam] C:\program files\steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-1935655697-602162358-839522115-1004..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe (RescueTime, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1935655697-602162358-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1935655697-602162358-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - 
HKU\S-1-5-21-1935655697-602162358-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1935655697-602162358-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKU\S-1-5-21-1935655697-602162358-839522115-1004\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKU\S-1-5-21-1935655697-602162358-839522115-1004\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-1935655697-602162358-839522115-1004\..Trusted Domains: mcafee.com ([]https in Trusted sites) O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.) O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6770.cab (Windows Live Safety Center Base Module) O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/09 11:27:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-1935655697-602162358-839522115-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========
[2011/01/26 08:12:10 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2011/01/25 20:57:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent
[2011/01/25 20:32:21 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/01/22 15:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\H&R Block 2010
[2011/01/22 15:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\HRBlock2010
[2011/01/12 15:39:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Real
[2011/01/05 11:30:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/01/05 11:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Comcast
[2011/01/05 11:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Comcast
[2011/01/05 11:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\SupportSoft
[2011/01/05 11:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\ComcastUI
[2011/01/03 19:29:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Divinity 2
[2011/01/03 19:29:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Divinity 2
[2011/01/03 19:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Divinity 2
[2011/01/03 19:26:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\AppData
[2010/12/29 08:38:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\Washer
[2009/11/25 22:43:22 | 001,312,080 | ---- | C] (Malwarebytes Corporation) -- C:\Program Files\59B770ebQ.exe
[2008/10/13 17:25:29 | 009,679,360 | ---- | C] (TomTom | Macrovision Corporation) -- C:\Program Files\TomTomHOMEwinlatest.exe
[2008/10/13 17:16:11 | 019,411,496 | ---- | C] (TomTom International B.V.) -- C:\Program Files\TomTomHOME2winlatest.exe
[2007/11/22 22:18:02 | 000,585,257 | ---- | C] (TablEdit ) -- C:\Program Files\tabled32.exe
[2007/11/20 19:03:15 | 003,469,976 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXCodec.exe
[1998/12/08 20:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 20:53:54 | 000,099,840 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 20:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 20:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 20:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 20:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL

========== Files - Modified Within 30 Days ==========
[2011/01/26 08:12:04 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2011/01/26 08:11:32 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-602162358-839522115-1004.job
[2011/01/26 08:11:32 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-602162358-839522115-1004.job
[2011/01/26 08:07:54 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Comcast Desktop Doctor.lnk
[2011/01/26 07:53:10 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/01/26 07:52:43 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-602162358-839522115-500.job
[2011/01/26 07:52:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/26 07:51:27 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2011/01/25 21:18:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/25 20:33:21 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/01/25 18:46:40 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-602162358-839522115-500.job
[2011/01/22 15:19:49 | 000,001,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2010.lnk
[2011/01/20 16:45:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/12 15:42:25 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/12 15:40:32 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/01/12 15:39:35 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2011/01/09 17:31:39 | 000,000,515 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2011/01/09 08:22:54 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/06 18:30:36 | 000,000,005 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
[2011/01/06 18:30:33 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
[2011/01/05 11:29:14 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Comcast Email.url
[2011/01/02 11:29:26 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Divinity II - Dragon Knight Saga.url
[2010/12/28 18:19:40 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB

========== Files Created - No Company Name ==========
[2011/01/25 20:33:21 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/01/25 18:25:00 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-602162358-839522115-500.job
[2011/01/25 18:25:00 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-602162358-839522115-500.job
[2011/01/22 15:19:49 | 000,001,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\H&R Block 2010.lnk
[2011/01/13 19:04:33 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-602162358-839522115-1004.job
[2011/01/12 15:40:32 | 000,000,747 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RealPlayer.lnk
[2011/01/09 17:31:39 | 000,000,515 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to Show Desktop.lnk
[2011/01/05 11:29:58 | 000,002,519 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Comcast Desktop Doctor.lnk
[2011/01/05 11:29:13 | 000,000,228 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Comcast Email.url
[2011/01/03 21:04:07 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-602162358-839522115-1004.job
[2011/01/02 11:29:26 | 000,000,215 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Divinity II - Dragon Knight Saga.url
[2010/06/11 02:08:18 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/11/15 10:34:28 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\fusioncache.dat
[2009/10/12 19:51:16 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\housecall.guid.cache
[2009/08/07 18:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/07/13 05:18:16 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/07/13 05:18:15 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/06/21 16:49:55 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/05/17 17:35:19 | 000,137,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/05/17 17:35:19 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\PnkBstrK.sys
[2009/05/10 20:44:25 | 000,000,109 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2009/03/10 13:27:44 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/02/16 14:52:09 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/08/05 16:02:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/05 15:58:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/19 00:37:11 | 004,846,342 | ---- | C] () -- C:\Program Files\REVISED BACK ART.bmp
[2008/03/21 22:50:04 | 000,142,749 | ---- | C] () -- C:\Program Files\morebackcover3ix0.jpg
[2008/03/21 22:47:18 | 000,041,392 | ---- | C] () -- C:\Program Files\coverart3xb3.jpg
[2008/03/21 21:59:02 | 000,093,218 | ---- | C] () -- C:\Program Files\untitled444.PNG
[2008/03/21 21:50:53 | 000,113,997 | ---- | C] () -- C:\Program Files\untitled333.PNG
[2008/03/20 16:57:25 | 000,102,447 | ---- | C] () -- C:\Program Files\untitled222.PNG
[2008/03/20 15:34:21 | 000,129,823 | ---- | C] () -- C:\Program Files\untitled.bmp
[2008/03/14 23:26:20 | 000,135,318 | ---- | C] () -- C:\Program Files\cdstomperew5.png
[2008/03/08 02:21:51 | 000,498,870 | ---- | C] () -- C:\Program Files\cd3.bmp
[2008/03/08 02:07:40 | 000,498,870 | ---- | C] () -- C:\Program Files\cd sticker2.bmp
[2008/03/08 02:04:17 | 001,562,706 | ---- | C] () -- C:\Program Files\cd2.bmp
[2008/02/28 18:39:05 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Jim.ini
[2008/02/27 15:35:44 | 026,166,770 | ---- | C] () -- C:\Program Files\NAV05ENG.exe
[2008/02/19 00:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/01/16 11:58:30 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/01/16 11:58:30 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/12/24 22:39:08 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/09 12:01:24 | 000,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2007/11/25 19:53:05 | 009,479,520 | ---- | C] () -- C:\Program Files\winzip111.exe
[2007/11/22 22:18:24 | 000,002,545 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2007/11/14 15:58:02 | 000,000,707 | ---- | C] () -- C:\WINDOWS\PSTUDIO.INI
[2007/11/14 15:53:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vi_setup.ini
[2007/11/12 22:48:37 | 000,002,543 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/11/11 09:48:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/11 00:59:51 | 000,004,105 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/11 00:22:41 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/11/10 14:49:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/11/10 14:47:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4800.ini
[2007/11/09 18:56:21 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/11/09 18:55:41 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/11/09 17:28:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/09 17:28:51 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/11/09 17:28:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/11/09 16:29:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/11/09 05:16:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 02:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========
[2009/05/31 09:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/11/09 15:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009/09/25 19:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/06/21 16:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2011/01/03 19:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Divinity 2
[2010/04/08 19:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/12/13 20:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/03/10 13:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/12/01 11:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2007/11/09 17:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/05/16 14:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/06/21 16:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2011/01/05 11:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/01/22 15:16:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2008/10/13 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/05/11 13:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2010/03/09 18:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/11/30 14:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/03/17 04:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/06/27 18:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE
[2009/09/17 17:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/14 12:10:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/04/19 14:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Braid
[2009/10/11 10:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/02/27 16:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Comcast
[2008/03/17 17:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Command & Conquer 3 Tiberium Wars Demo
[2010/02/20 14:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Games
[2009/07/18 13:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Gearbox Software
[2009/07/12 21:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GetRightToGo
[2007/11/10 14:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech
[2008/08/22 21:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\LimeWire
[2009/07/14 21:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\My Games
[2009/09/03 18:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\NationRed
[2008/08/27 19:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Notepad++
[2009/02/16 14:52:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\pdf995
[2010/05/16 14:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Publish Providers
[2009/07/12 18:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\SaintXi
[2010/05/16 18:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Sony
[2009/09/13 12:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\SteamPopCapv1001
[2010/12/13 20:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\TaxCut
[2009/06/21 12:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\The Creative Assembly
[2009/06/12 22:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\The Path
[2008/03/06 21:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\TomTom
[2010/05/16 14:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Tropico 3 Demo
[2010/03/09 18:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Ubisoft
[2010/05/15 15:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Unity
[2008/11/30 14:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Viewpoint
[2009/10/14 14:45:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 1/26/2011 8:12:38 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Jim\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
9.00 Gb Paging File | 8.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 5373 5373 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 114.49 Gb Free Space | 38.41% Space Free | Partition Type: NTFS
Drive F: | 298.08 Gb Total Space | 17.58 Gb Free Space | 5.90% Space Free | Partition Type: NTFS

Computer Name: JIM-1 | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_USERS\S-1-5-21-1935655697-602162358-839522115-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"56741:TCP" = 56741:TCP:*:Enabled:Pando Media Booster
"56741:UDP" = 56741:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"56741:TCP" = 56741:TCP:*:Enabled:Pando Media Booster
"56741:UDP" = 56741:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\WINDOWS\system32\defrag.exe" = C:\WINDOWS\system32\defrag.exe:*:Enabled:defrag -- (Microsoft Corp. and Executive Software International, Inc.)
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- (Turbine, Inc.)
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- (Turbine, Inc.)
"C:\Program Files\Steam\SteamApps\jkalabokis\team fortress 2\hl2.exe" = C:\Program Files\Steam\SteamApps\jkalabokis\team fortress 2\hl2.exe:*:Enabled:hl2 -- ()
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost
"C:\Program Files\Steam\SteamApps\common\fear2\FEAR2.exe" = C:\Program Files\Steam\SteamApps\common\fear2\FEAR2.exe:*:Enabled:F.E.A.R. 2: Project Origin -- (Monolith Productions, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaW.exe" = C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaW.exe:*:Enabled:Call of Duty: World at War -- (Activision Blizzard, Inc.)
"C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaWmp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaWmp.exe:*:Enabled:Call of Duty: World at War -- (Activision Blizzard, Inc.)
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft)
"C:\Program Files\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe" = C:\Program Files\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. Beta -- ()
"C:\Program Files\Steam\SteamApps\common\mass effect 2\Binaries\MassEffect2.exe" = C:\Program Files\Steam\SteamApps\common\mass effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 -- (BioWare)
"C:\Program Files\Steam\SteamApps\common\mass effect 2\MassEffect2Launcher.exe" = C:\Program Files\Steam\SteamApps\common\mass effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 -- (BioWare)
"C:\Program Files\Steam\SteamApps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\SteamApps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect 2 -- ()
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- ()
"C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- ()
"C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Disabled:${SafeProductName} ${FirewallName_Game} -- (BioWare)
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Disabled:${SafeProductName} ${FirewallName_Launcher} -- (BioWare)
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Disabled:${SafeProductName} ${FirewallName_Updater} -- (BioWare)
"C:\Program Files\Steam\SteamApps\common\assassin's creed 2\AssassinsCreedIIGame.exe" = C:\Program Files\Steam\SteamApps\common\assassin's creed 2\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- ()
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\Steam\SteamApps\common\the witcher enhanced edition\System\witcher.exe" = C:\Program Files\Steam\SteamApps\common\the witcher enhanced edition\System\witcher.exe:*:Enabled:The Witcher: Enhanced Edition -- (CD Projekt Red)
"C:\Program Files\Steam\SteamApps\common\the witcher enhanced edition\System\djinni!.exe" = C:\Program Files\Steam\SteamApps\common\the witcher enhanced edition\System\djinni!.exe:*:Enabled:The Witcher: Enhanced Edition -- (CD Projekt Red)
"C:\Program Files\Steam\SteamApps\common\sid meier's civilization v - demo\Launcher.exe" = C:\Program Files\Steam\SteamApps\common\sid meier's civilization v - demo\Launcher.exe:*:Enabled:Sid Meier's Civilization V - Demo -- (Firaxis Games)
"C:\Program Files\Steam\SteamApps\common\sid meier's civilization v - demo\CivilizationV.exe" = C:\Program Files\Steam\SteamApps\common\sid meier's civilization v - demo\CivilizationV.exe:*:Enabled:Sid Meier's Civilization V - Demo -- (Firaxis Games)
"C:\Program Files\Steam\SteamApps\common\divinity ii - dragon knight saga\bin\Divinity2.exe" = C:\Program Files\Steam\SteamApps\common\divinity ii - dragon knight saga\bin\Divinity2.exe:*:Enabled:Divinity II - The Dragon Knight Saga -- (Larian Studios)

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{10964A8F-21C1-45EA-BC2D-F84B505C3848}" = H&R Block Deluxe + Efile + State 2010
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1" = RescueTime 2.2.3
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A14DB5B-8D96-400C-BD97-A5656779099D}" = ArcSoft PhotoStudio 5.5
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9175D434-CEE7-486F-BE09-15C4A18ABC9C}" = TaxCut Illinois 2008
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}" = Nero 7 Essentials
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe
  8. It seems that this crops up every few months...I know, I am going to bite the bullet and get the full version of MWB. However, MSE comes up clean, as did MWB (SAFE MODE) - Super Anti-Spyware picked it up and removed it. ESET and Spybot also came up with nothing. Since then, the internet connection has been incredibly slow. Any help would be greatly appreciated. J
  9. Borislav - Should I be running other scans along with my nightly MSE and MWB scans? Reason being, neither of them caught the Trojans picked up by ESET and SPYBOT. Also - should I be concerned that Kaspersky won't run (i.e. - being blocked from running by a trojan or something) - or do we think it's something on their end. Lastly - MSE has been really good as I haven't had anything major for about 6 months. Have they been keeping up or would you suggest another free AV solution? Thanks again. JK
  10. Very good. I'll wait to hear from you as to our next step. Thanks JJK
  11. Borislav - Actually, the system has been running fine since removing that Trojan via the ESET scanner. However, it was that weird squidbot.dll. Now spybot showing the Virtumonde...are they related? MSE (in my nightly scan) picks up nothing, same for my nightly MWB scan. Do you think we're okay? Thanks Jk
  12. Borislav - I removed it with SPYBOT, however, Kaspersky yielded the same response. JJK
  13. Borislav - Just scanned using SPYBOT - didn't remove this but thought you should see it. Should I FIX SELECTED PROBLEMS or wait for another scan? Thanks JK Virtumonde.prx: [sBI $B6BF2145] Autorun settings (Jyefizoyizi) (Registry value, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Jyefizoyizi Statcounter: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done) AdBrite: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done) Zedo: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done) MediaPlex: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done) DoubleClick: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done) LinkSynergy: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done) FastClick: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done) CasaleMedia: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done) MediaPlex: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done) Right Media: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done) BurstMedia: Tracking cookie (Internet Explorer: Jim) (Cookie, nothing done) --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
  14. Borislav - After 20 minutes or so of updating, it says update failed - license expired. Tried to do it again - same thing. What can I be doing wrong? Thanks JK
  15. Borislav - I didn't see a way to copy a log, it just gave me the option to copy the found item to the clipboard. This is what I sent. It doesn't seem to be re-directing me now, however, I'm not sure. jk
  16. Borislav - Merry Christmas! I'm not sure if I did that right, however, I didn't see a place to copy a log file. Just copied what was found to clipboard and sent. Also restarted. This morning I noticed occasional re-directs via Google that seem to be okay now. After the restart, it said the squidbot.dll was missing. I take that as a good sign. Will that error message continually pop up? Thanks again. I await your next instructions - whenever is convenient for you. JK
  17. C:\WINDOWS\iqudibot.dll a variant of Win32/Cimag.FK trojan cleaned by deleting (after the next restart) - quarantined
  18. Got it. Just saw the CLOYONAFA extension in the log and thought it was strange. When I get back home (sometime tonight), I will run the ESET scan and report back. In the meantime - Happy Holidays! JK
  19. Borislav - Before we proceed, I thought you should know this: I reviewed my MWB log and back on 6/30, this is the exact file that you and I first worked on together. Could it be MSE just somehow picked it up from the Quarantine? Forgive me if what I suggest sounds foolish. Thanks, JK
  20. Borislav - Here's what the history shows: FILE C:/WINDOWS/MSXSRSHC.DLL PROCESS: PID: 12180 PROCESS: PID: 1752 REG KEY: HKCU@S-1-5-21-1935655697-602162358-839522115-1004/SOFTWARE/MICROSOFT/WINDOWS/CURRENTVERSION/RUN//CLOYONAFA RUN KEY: HKCU@S-1-5-21-1935655697-602162358-839522115-1004/SOFTWARE/MICROSOFT/WINDOWS/CURRENTVERSION/RUN//CLOYONAFA Thanks Jk
  21. Borislav - Thanks. I did so and thought everything was clean...but now, during a nightly full scan, Security Essentials found (and removed) the following: Trojan:Win32/Hiloti.gen!D. Don't get it - everything seemed fine and the only thing that was done (I think - as I have teenage kids...) was a 24-hour STEAM game download. A subsequent QUICK SCAN from MSE came up clean as did a MWB QUICKSCAN. Could this be related to the first one? Or - do you think it's totally unrelated? As always, I really appreciate your help and guidance. Wishing you and yours the best of the season. Jk
  22. Borislav - Seems to be okay...however, I just noticed that in my start menu - under PROGRAMS - the last entry is SYSTEM TOOLS 2011. Thanks JK
  23. Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5364 Windows 5.1.2600 Service Pack 3 Internet Explorer 7.0.5730.13 12/20/2010 9:39:09 PM mbam-log-2010-12-20 (21-39-09).txt Scan type: Quick scan Objects scanned: 156784 Time elapsed: 3 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  24. Here you go:
  25. Borislav - Thanks for your input. You were very helpful to my a few months back...nice working with you again. Here you go: OTL logfile created on: 12/16/2010 6:38:35 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Jim\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free 9.00 Gb Paging File | 8.00 Gb Available in Paging File | 90.00% Paging File free Paging file location(s): C:\pagefile.sys 5373 5373 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298.08 Gb Total Space | 123.25 Gb Free Space | 41.35% Space Free | Partition Type: NTFS Drive F: | 298.08 Gb Total Space | 18.10 Gb Free Space | 6.07% Space Free | Partition Type: NTFS Computer Name: JIM-1 | User Name: Jim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Jim\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) PRC - C:\Program Files\Steam\steam.exe (Valve Corporation) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files\RescueTime\RescueTime.exe (RescueTime, Inc.) 
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) PRC - c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation) PRC - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe () PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft) PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation) PRC - C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Jim\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation) SRV - (FlipShare Service) -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe () SRV - (DAUpdaterSvc) -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare) SRV - (LiveTurbineMessageService) -- C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe (Turbine, Inc.) SRV - (LiveTurbineNetworkService) -- C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe (Turbine, Inc.) 
SRV - (Viewpoint Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.) SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation) SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (Norton Ghost) -- C:\Program Files\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (SABProcEnum) -- C:\Program Files\Internet Explorer\SABProcEnum.sys File not found DRV - (PCAMPR5) -- C:\WINDOWS\System32\PCAMPR5.SYS File not found DRV - (cpuz130) -- C:\DOCUME~1\Jim\LOCALS~1\Temp\cpuz130\cpuz_x32.sys File not found DRV - (catchme) -- C:\DOCUME~1\Jim\LOCALS~1\Temp\catchme.sys File not found DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.) DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.) 
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.) DRV - (MPE) -- C:\WINDOWS\system32\drivers\mpe.sys (Microsoft Corporation) DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider) DRV - (gdrv) -- C:\WINDOWS\gdrv.sys (Windows ® 2000 DDK provider) DRV - (SSKBFD) -- C:\WINDOWS\system32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com)) DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation ) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (WimFltr) -- C:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation) DRV - (symsnap) -- C:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft) DRV - (v2imount) -- C:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation) DRV - (VProEventMonitor) -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation) DRV - (emAudio) -- C:\WINDOWS\system32\drivers\emAudio.sys (Pinnacle Systems GmbH) DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider) DRV - (DCamUSBEMPIA) -- C:\WINDOWS\system32\drivers\emDevice.sys (eMPIA Technology, Inc.) DRV - (FiltUSBEMPIA) -- C:\WINDOWS\system32\drivers\emFilter.sys (eMPIA Technology, Inc.) DRV - (ScanUSBEMPIA) -- C:\WINDOWS\system32\drivers\emScan.sys (eMPIA Technology, Inc.) 
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology) DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology) DRV - (SMBios) Intel ® -- C:\WINDOWS\system32\drivers\SMBios.sys (Intel Corporation) DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology) DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.) DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys () ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com" FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {C4211278-C4BC-42CA-B51E-5003A82EBDD4}:1.9.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.6 FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{C4211278-C4BC-42CA-B51E-5003A82EBDD4}: C:\Documents and Settings\Jim\Local Settings\Application Data\{C4211278-C4BC-42CA-B51E-5003A82EBDD4} [2010/08/29 09:46:59 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/10/20 18:49:03 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/09/04 12:50:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/20 18:48:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/20 18:49:09 | 000,000,000 | ---D | M] [2010/03/27 14:09:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions [2010/03/27 14:09:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2008/10/13 17:05:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Mozilla\Extensions\home2@tomtom.com [2010/11/21 17:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\uckq9agm.default\extensions [2010/07/28 11:00:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jim\Application Data\Mozilla\Firefox\Profiles\uckq9agm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/11/21 17:27:54 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/07/12 19:17:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/04/19 19:50:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/09/04 12:50:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/11/10 20:10:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/07/12 19:17:01 | 000,023,512 | ---- | M] 
(Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/07/12 19:17:01 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2008/08/05 15:58:52 | 001,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll [2008/08/05 15:59:16 | 000,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll [2010/07/12 19:17:08 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2010/10/20 18:48:52 | 000,140,864 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll [2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2010/05/01 23:11:55 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2010/05/01 23:11:56 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2010/10/20 18:49:09 | 000,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll [2010/10/20 18:48:43 | 000,098,304 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll [2010/07/12 19:17:09 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2010/07/12 19:17:09 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2010/07/12 19:17:09 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2010/07/12 19:17:09 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2010/07/12 19:17:09 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2010/07/12 19:17:09 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2010/07/12 19:17:09 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2010/12/15 20:16:07 | 000,000,027 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Yahoo! 
Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll File not found O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.) O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [Norton Ghost 12.0] C:\Program Files\Norton Ghost\Agent\VProTray.exe (Symantec Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.) O4 - HKLM..\Run: [RemoteControl] C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) 
O4 - HKLM..\Run: [uSB2Check] C:\WINDOWS\system32\PCLECoInst.DLL (Pinnacle Systems) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKCU..\Run: [steam] c:\program files\steam\steam.exe (Valve Corporation) O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe (RescueTime, Inc.) 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -
C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s...ri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.srtest.com/srl_bin/sysreqlab_srl.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase6087.cab (Windows Live Safety Center Base Module)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.systemrequirementslab.com/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1194645270687 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownlo...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} http://www.pcpitstop.com/mhLbl.cab (mhLabel Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} http://service.futuremark.com/openapi/receivers/FMSI.cab (Futuremark SystemInfo)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} http://asp.mathxl.com/books/_Players/MathPlayer.cab (Pearson MathXL Player)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s...yri_4.3.1.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID
value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} -
C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - Reg Error: Key error. File not found
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - Reg Error: Key error.
File not found
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - Reg Error: Key error. File not found
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - Reg Error: Key error. File not found
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program
Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/11/09 11:27:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2b8fcd6a-7b94-11df-8ced-001d7d954a6d}\Shell\AutoRun\command - "" = G:\Setup_FlipShare.exe -- File not found
O33 - MountPoints2\{2b8fcd6a-7b94-11df-8ced-001d7d954a6d}\Shell\Setup FlipShare\command - "" = G:\Setup_FlipShare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error.
File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/12/16 18:37:11 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2010/12/15 19:33:20 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent
[2010/12/14 22:43:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gIoAl06301
[2010/12/14 21:34:00 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2010/12/14 21:33:17 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2010/12/01 11:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\PMB Files
[2010/12/01 11:53:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2010/12/01 11:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010/11/21 10:17:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2010/11/18 12:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2009/11/25 22:43:22 | 001,312,080 | ---- | C] (Malwarebytes Corporation) -- C:\Program Files\59B770ebQ.exe
[2008/10/13 17:25:29 | 009,679,360 | ---- | C] (TomTom | Macrovision Corporation) -- C:\Program Files\TomTomHOMEwinlatest.exe
[2008/10/13 17:16:11 | 019,411,496 | ---- | C] (TomTom International B.V.) -- C:\Program Files\TomTomHOME2winlatest.exe
[2007/11/22 22:18:02 | 000,585,257 | ---- | C] (TablEdit ) -- C:\Program Files\tabled32.exe
[2007/11/20 19:03:15 | 003,469,976 | ---- | C] (DivX, Inc.) -- C:\Program Files\DivXCodec.exe
[1998/12/08 20:53:54 | 000,186,368 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAREG.DLL
[1998/12/08 20:53:54 | 000,099,840 | ---- | C] (Symantec Corp.)
-- C:\Program Files\Common Files\IRAABOUT.DLL
[1998/12/08 20:53:54 | 000,070,144 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAMDMTR.DLL
[1998/12/08 20:53:54 | 000,048,640 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRALPTTR.DLL
[1998/12/08 20:53:54 | 000,031,744 | ---- | C] (Symantec Corp., Peter Norton Computing Group) -- C:\Program Files\Common Files\IRAWEBTR.DLL
[1998/12/08 20:53:54 | 000,017,920 | ---- | C] (Symantec Corp.) -- C:\Program Files\Common Files\IRASRIAL.DLL
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[12 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/16 18:38:01 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-602162358-839522115-1004.job
[2010/12/16 18:38:01 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-602162358-839522115-1004.job
[2010/12/16 18:37:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
[2010/12/16 16:45:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/15 20:16:07 | 000,000,027 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/15 19:37:55 | 000,271,490 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/12/15 19:37:40 | 000,000,432 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[2010/12/15 19:37:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/15 19:36:14 | 000,004,096 | -HS- | M] () -- C:\VSNAP.IDX
[2010/12/15 19:33:30 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/15 03:21:44 | 000,283,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/12/12 10:51:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/12/12 10:50:45 | 000,037,376 | ---- | M] () -- C:\Documents and Settings\Jim\Local
Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/08 10:56:26 | 000,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2010/12/06 23:07:55 | 036,980,540 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\3CC_master3.wav
[2010/12/05 20:02:59 | 000,500,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/05 20:02:59 | 000,095,458 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/04 01:59:34 | 003,262,588 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\THREE CENT CINEMA MASTER1.mp3
[2010/11/30 18:50:20 | 000,000,215 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Assassin's Creed II.url
[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/11/21 14:54:47 | 000,001,841 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Fallout 3 (2).lnk
[2010/11/18 12:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll
[2010/11/18 12:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/13 21:01:47 | 000,000,282 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1935655697-602162358-839522115-1004.job
[2010/12/13 21:01:47 | 000,000,274 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1935655697-602162358-839522115-1004.job
[2010/12/08 10:56:26 | 000,009,662 | ---- | C] () -- C:\WINDOWS\EPISME00.SWB
[2010/12/06 23:07:55 | 036,980,540 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\3CC_master3.wav
[2010/12/04 01:59:34 | 003,262,588 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\THREE CENT CINEMA MASTER1.mp3
[2010/11/30 18:50:20 | 000,000,215 | ---- | C] () --
C:\Documents and Settings\Jim\Desktop\Assassin's Creed II.url
[2010/11/21 14:54:47 | 000,001,841 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Fallout 3 (2).lnk
[2010/06/11 02:08:18 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/29 14:59:12 | 000,017,388 | -HS- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\TA45p2
[2010/03/29 14:59:12 | 000,017,388 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\TA45p2
[2009/11/15 10:34:28 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\fusioncache.dat
[2009/10/12 19:51:16 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\housecall.guid.cache
[2009/09/03 20:09:43 | 000,002,119 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\YQzcnqK5at.gif
[2009/09/03 20:09:43 | 000,000,607 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\YQzcnqK5zn.gif
[2009/09/03 20:09:43 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\YQzcnqK5by.gif
[2009/08/07 18:51:34 | 000,178,430 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/07/13 05:18:16 | 000,281,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2009/07/13 05:18:15 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2009/06/21 16:49:55 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/05/17 17:35:19 | 000,137,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/05/17 17:35:19 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\PnkBstrK.sys
[2009/05/10 20:44:25 | 000,000,109 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2009/03/10 13:27:44 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/02/16 14:52:09 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/08/05 16:02:12 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/08/05
15:58:14 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/05/19 00:37:11 | 004,846,342 | ---- | C] () -- C:\Program Files\REVISED BACK ART.bmp
[2008/03/21 22:50:04 | 000,142,749 | ---- | C] () -- C:\Program Files\morebackcover3ix0.jpg
[2008/03/21 22:47:18 | 000,041,392 | ---- | C] () -- C:\Program Files\coverart3xb3.jpg
[2008/03/21 21:59:02 | 000,093,218 | ---- | C] () -- C:\Program Files\untitled444.PNG
[2008/03/21 21:50:53 | 000,113,997 | ---- | C] () -- C:\Program Files\untitled333.PNG
[2008/03/20 16:57:25 | 000,102,447 | ---- | C] () -- C:\Program Files\untitled222.PNG
[2008/03/20 15:34:21 | 000,129,823 | ---- | C] () -- C:\Program Files\untitled.bmp
[2008/03/14 23:26:20 | 000,135,318 | ---- | C] () -- C:\Program Files\cdstomperew5.png
[2008/03/08 02:21:51 | 000,498,870 | ---- | C] () -- C:\Program Files\cd3.bmp
[2008/03/08 02:07:40 | 000,498,870 | ---- | C] () -- C:\Program Files\cd sticker2.bmp
[2008/03/08 02:04:17 | 001,562,706 | ---- | C] () -- C:\Program Files\cd2.bmp
[2008/02/28 18:39:05 | 000,000,022 | ---- | C] () -- C:\WINDOWS\kodakpcd.Jim.ini
[2008/02/27 15:35:44 | 026,166,770 | ---- | C] () -- C:\Program Files\NAV05ENG.exe
[2008/02/19 00:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2008/01/16 11:58:30 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/01/16 11:58:30 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/01/09 15:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/12/24 22:39:08 | 000,037,376 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/09 12:01:24 | 000,000,063 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ts_infos.ini
[2007/11/25 19:53:05 | 009,479,520 | ---- | C] () -- C:\Program Files\winzip111.exe
[2007/11/22 22:18:24 | 000,002,545 | ---- | C] () -- C:\WINDOWS\tabled32.ini
[2007/11/14 15:58:02 | 000,000,707 | ----
| C] () -- C:\WINDOWS\PSTUDIO.INI
[2007/11/14 15:53:24 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vi_setup.ini
[2007/11/12 22:48:37 | 000,002,543 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/11/11 09:48:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/11 00:59:51 | 000,004,105 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/11 00:22:41 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/11/10 14:49:37 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/11/10 14:47:33 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPCX4800.ini
[2007/11/09 18:56:21 | 000,215,144 | R--- | C] () -- C:\WINDOWS\patchw32.dll
[2007/11/09 18:55:41 | 000,215,144 | R--- | C] () -- C:\WINDOWS\pw32a.dll
[2007/11/09 17:28:52 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/11/09 17:28:51 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2007/11/09 17:28:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2007/11/09 16:29:05 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2007/11/09 05:16:40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/04 06:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2004/08/04 06:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2004/08/04 06:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2004/08/04 06:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2004/08/04 06:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 12:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 02:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1996/04/03 13:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/05/31 09:53:41 |
000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2009/11/09 15:58:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2009/09/25 19:09:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2009/06/21 16:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2010/11/21 10:17:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
[2010/04/08 19:06:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2010/12/14 23:02:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gIoAl06301
[2010/12/13 20:04:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/03/10 13:08:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle
[2010/12/01 11:53:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2007/11/09 17:32:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2010/05/16 14:50:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2009/06/21 16:49:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2010/01/24 18:40:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2008/10/13 17:28:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/05/11 13:12:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Turbine
[2010/03/09 18:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/11/30 14:21:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/03/17
04:52:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip [2008/06/27 18:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZipSE [2009/09/17 17:42:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/10/14 12:10:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/09/03 20:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Bioshock [2009/04/19 14:40:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Braid [2009/10/11 10:03:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2008/02/27 16:12:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Comcast [2008/03/17 17:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Command & Conquer 3 Tiberium Wars Demo [2010/02/20 14:11:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Games [2009/07/18 13:06:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Gearbox Software [2009/07/12 21:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\GetRightToGo [2007/11/10 14:51:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech [2008/08/22 21:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\LimeWire [2009/07/14 21:49:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\My Games [2009/09/03 18:23:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\NationRed [2008/08/27 19:23:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Notepad++ [2009/02/16 14:52:10 | 000,000,000 | 
---D | M] -- C:\Documents and Settings\Jim\Application Data\pdf995 [2010/05/16 14:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Publish Providers [2009/07/12 18:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\SaintXi [2010/05/16 18:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Sony [2009/09/13 12:36:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\SteamPopCapv1001 [2010/12/13 20:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\TaxCut [2009/06/21 12:03:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\The Creative Assembly [2009/06/12 22:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\The Path [2008/03/06 21:56:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\TomTom [2010/05/16 14:41:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Tropico 3 Demo [2010/03/09 18:49:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Ubisoft [2010/05/15 15:18:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Unity [2008/11/30 14:21:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Viewpoint ========== Purity Check ========== < End of report > OTL Extras logfile created on: 12/16/2010 6:38:35 PM - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Jim\Desktop Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 75.00% Memory free 9.00 Gb Paging File | 8.00 Gb Available in Paging File | 90.00% Paging File free Paging file location(s): C:\pagefile.sys 5373 5373 [binary data] 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 298.08 Gb Total Space | 123.25 Gb Free Space | 41.35% Space Free | Partition Type: NTFS Drive F: | 298.08 Gb Total Space | 18.10 Gb Free Space | 6.07% Space Free | Partition Type: NTFS Computer Name: JIM-1 | User Name: Jim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. File not found .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System 
Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "56741:TCP" = 56741:TCP:*:Enabled:Pando Media Booster "56741:UDP" = 56741:UDP:*:Enabled:Pando Media Booster [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 "56741:TCP" = 56741:TCP:*:Enabled:Pando Media Booster "56741:UDP" = 56741:UDP:*:Enabled:Pando Media Booster ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) 
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- () "C:\WINDOWS\system32\defrag.exe" = C:\WINDOWS\system32\defrag.exe:*:Enabled:defrag -- (Microsoft Corp. and Executive Software International, Inc.) "C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- (Turbine, Inc.) "C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- (Turbine, Inc.) "C:\WINDOWS\system32\PnkBstrA.exe" = C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA -- () "C:\WINDOWS\system32\PnkBstrB.exe" = C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB -- () "C:\Program Files\Steam\SteamApps\jkalabokis\team fortress 2\hl2.exe" = C:\Program Files\Steam\SteamApps\jkalabokis\team fortress 2\hl2.exe:*:Enabled:hl2 -- () "%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found "C:\Program Files\Steam\SteamApps\common\fear2\FEAR2.exe" = C:\Program Files\Steam\SteamApps\common\fear2\FEAR2.exe:*:Enabled:F.E.A.R. 
2: Project Origin -- (Monolith Productions, Inc.) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\Steam\steam.exe" = C:\Program Files\Steam\steam.exe:*:Enabled:Steam -- (Valve Corporation) "C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaW.exe" = C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaW.exe:*:Enabled:Call of Duty: World at War -- (Activision Blizzard, Inc.) "C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaWmp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty world at war\CoDWaWmp.exe:*:Enabled:Call of Duty: World at War -- (Activision Blizzard, Inc.) "C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe" = C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher -- (Ubisoft) "C:\Program Files\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe" = C:\Program Files\Steam\SteamApps\common\r.u.s.e. beta\Ruse.exe:*:Enabled:R.U.S.E. 
Beta -- () "C:\Program Files\Steam\SteamApps\common\mass effect 2\Binaries\MassEffect2.exe" = C:\Program Files\Steam\SteamApps\common\mass effect 2\Binaries\MassEffect2.exe:*:Enabled:Mass Effect 2 -- (BioWare) "C:\Program Files\Steam\SteamApps\common\mass effect 2\MassEffect2Launcher.exe" = C:\Program Files\Steam\SteamApps\common\mass effect 2\MassEffect2Launcher.exe:*:Enabled:Mass Effect 2 -- (BioWare) "C:\Program Files\Steam\SteamApps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm" = C:\Program Files\Steam\SteamApps\common\mass effect 2\docs\EA Help\Electronic_Arts_Technical_Support.htm:*:Enabled:Mass Effect 2 -- () "C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4sp.exe:*:Enabled:Call of Duty: Modern Warfare 2 -- () "C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe" = C:\Program Files\Steam\SteamApps\common\call of duty modern warfare 2\iw4mp.exe:*:Enabled:Call of Duty: Modern Warfare 2 - Multiplayer -- () "C:\Program Files\StarCraft II\StarCraft II.exe" = C:\Program Files\StarCraft II\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment) "C:\Program Files\Steam\SteamApps\common\r.u.s.e. demo\Ruse.exe" = C:\Program Files\Steam\SteamApps\common\r.u.s.e. demo\Ruse.exe:*:Enabled:R.U.S.E. 
Demo -- (Eugen Systems) "C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Disabled:${SafeProductName} ${FirewallName_Game} -- (BioWare) "C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Disabled:${SafeProductName} ${FirewallName_Launcher} -- (BioWare) "C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Disabled:${SafeProductName} ${FirewallName_Updater} -- (BioWare) "C:\Program Files\Steam\SteamApps\common\assassin's creed 2\AssassinsCreedIIGame.exe" = C:\Program Files\Steam\SteamApps\common\assassin's creed 2\AssassinsCreedIIGame.exe:*:Enabled:Assassin's Creed II -- () "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- () "C:\Program Files\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe" = C:\Program Files\Steam\SteamApps\common\sid meier's civilization v\Launcher.exe:*:Enabled:Sid Meier's Civilization V -- (Firaxis Games) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2 "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC "{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = 
redist "{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab "{20207CCE-A8FA-44A7-AA3D-1E43EB307B27}" = Sony Sound Forge Audio Studio 9.0 "{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2505571C-03B3-4F9F-AC35-33F1CB4B5E9E}_is1" = RescueTime 2.2.3 "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java 6 Update 22 "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine "{2E660A2A-A55F-43CD-9F73-CAD7382EEB78}" = Microsoft Games for Windows - LIVE Redistributable "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3A14DB5B-8D96-400C-BD97-A5656779099D}" = ArcSoft PhotoStudio 5.5 "{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{53A19323-917A-4822-B27E-A57D1EF6E9FC}" = H&R Block Deluxe + Efile + State 2009 "{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr "{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable 
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{9175D434-CEE7-486F-BE09-15C4A18ABC9C}" = TaxCut Illinois 2008 "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{97E038E1-41AD-4C93-BCDC-6A2394AEE352}" = Vegas Movie Studio Platinum 9.0 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BB69D0F-1369-4DBD-99A9-1BC228ED1033}" = Nero 7 Essentials "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore "{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe