Everything posted by trulylaconic

  1. All processes killed ========== OTL ========== Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Chad ->Temp folder emptied: 896229391 bytes ->Temporary Internet Files folder emptied: 245282765 bytes ->Java cache emptied: 137431162 bytes ->FireFox cache emptied: 57768099 bytes ->Google Chrome cache emptied: 167411416 bytes ->Flash cache emptied: 5433835 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 41 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 197115003 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 2696035800 bytes Total Files Cleaned = 4,199.00 mb OTL by OldTimer - Version 3.2.22.3 log created on 03222011_103728 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
  2. OK. I deleted the two malware related files. The file on my desktop is the GMER Rootkit Scanner. OTL is running now. I'll post the log when it's finished.
  3. Just a quick note. Internet Explorer is working fine, it was just the shortcut that was bad. Everything seems to be ok. Let me know if you see anything I should be worried about in the Logs. Thanks a bunch!
  4. I was able to run Malwarebytes and then OTL. The fake antivirus seems to be gone. However, for some reason I can't run Internet Explorer (Firefox works fine), it says Explorer.exe not found? Thanks for the help! Here are the logs: Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6131 Windows 6.0.6002 Service Pack 2 (Safe Mode) Internet Explorer 7.0.6002.18005 3/22/2011 9:15:20 AM mbam-log-2011-03-22 (09-15-20).txt Scan type: Full scan (C:\|D:\|) Objects scanned: 320523 Time elapsed: 47 minute(s), 41 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: c:\Users\Chad\AppData\Local\nlu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Chad\AppData\Local\xew.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. c:\Users\Chad\AppData\LocalLow\Sun\Java\deployment\cache\6.0\18\6f89b652-10c29a58 (Trojan.FakeAlert) -> Quarantined and deleted successfully. 
OTL logfile created on: 3/22/2011 9:25:58 AM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chad\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136.74 Gb Total Space | 81.28 Gb Free Space | 59.44% Space Free | Partition Type: NTFS Drive D: | 9.77 Gb Total Space | 5.63 Gb Free Space | 57.63% Space Free | Partition Type: NTFS Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/03/22 09:25:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Downloads\OTL.exe PRC - [2011/03/16 13:08:44 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011/03/05 19:05:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) 
-- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe PRC - [2010/11/17 12:40:26 | 000,473,616 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe PRC - [2010/11/02 20:44:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2010/11/02 20:44:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010/10/14 14:23:33 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009/07/28 12:00:40 | 000,030,720 | ---- | M] () -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/05/04 04:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe PRC - [2008/05/04 04:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe PRC - [2008/05/04 04:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe PRC - [2008/05/04 04:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe PRC - [2008/02/22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe PRC - [2007/12/21 10:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe PRC - [2007/11/12 06:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) 
-- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe PRC - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe PRC - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe ========== Modules (SafeList) ========== MOD - [2011/03/22 09:25:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Downloads\OTL.exe MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - [2011/03/17 20:53:21 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_d76cf65.dll -- (Akamai) SRV - [2011/03/16 13:08:44 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) 
[Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service) SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc) SRV - [2010/11/02 20:44:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009/07/28 12:00:40 | 000,030,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD) SRV - [2008/07/17 02:14:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist) SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) 
[Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV) SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters) SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® ========== Driver Services (SafeList) ========== DRV - [2011/03/22 09:16:48 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{830320D8-B7EC-4305-B801-AC77E78AADE7}\MpKsl87cb29b3.sys -- (MpKsl87cb29b3) DRV - [2011/03/16 13:08:45 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010/11/22 19:53:48 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon) DRV - [2010/09/02 17:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth) DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB) DRV - [2008/12/27 17:15:50 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2008/12/27 17:15:50 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2008/04/01 14:33:16 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb) DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel® DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel® DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA) DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3454773596-171055287-479412992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080717 IE - HKU\S-1-5-21-3454773596-171055287-479412992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080717 IE - HKU\S-1-5-21-3454773596-171055287-479412992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3454773596-171055287-479412992-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
IE - HKU\S-1-5-21-3454773596-171055287-479412992-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.google.com/" FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.8 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/04 14:23:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 19:05:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 19:05:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2010/12/25 17:59:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins [2008/08/20 15:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions [2011/03/21 09:20:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wl1vffoc.default\extensions [2010/12/11 16:25:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- 
C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wl1vffoc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010/12/11 16:25:07 | 000,000,000 | ---D | M] (Image Toolbar) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wl1vffoc.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06} [2010/12/12 11:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/05/12 21:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/09/17 15:56:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010/12/12 11:42:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/11/04 14:23:52 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3 [2009/12/04 11:48:23 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\CHAD\APPDATA\ROAMING\MOVE NETWORKS [2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009/06/09 14:57:19 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.) 
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( ) O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( ) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.) O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.) 
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3454773596-171055287-479412992-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3454773596-171055287-479412992-1000\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-3454773596-171055287-479412992-1000\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.) 
O24 - Desktop WallPaper: C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp O24 - Desktop BackupWallPaper: C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3dece600-3156-11df-b471-00219bce7579}\Shell - "" = AutoRun O33 - MountPoints2\{3dece600-3156-11df-b471-00219bce7579}\Shell\AutoRun\command - "" = G:\start.exe O33 - MountPoints2\{abc69197-23ca-11de-9bc3-00219bce7579}\Shell - "" = AutoRun O33 - MountPoints2\{abc69197-23ca-11de-9bc3-00219bce7579}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{deaf1b83-8b6e-11dd-9dfb-00219bce7579}\Shell - "" = AutoRun O33 - MountPoints2\{deaf1b83-8b6e-11dd-9dfb-00219bce7579}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/03/22 08:26:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011/03/22 08:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011/03/22 08:26:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011/03/21 21:05:36 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Chad\Desktop\bill.exe.exe [2011/03/17 15:34:37 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011/03/16 17:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker [2011/03/09 12:04:24 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\PokerStars 
[2011/03/09 12:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars [2011/02/26 09:27:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011/02/24 15:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android [2011/02/24 15:39:28 | 000,013,312 | ---- | C] (June Fabrics Technology Inc.) -- C:\Windows\System32\drivers\pneteth.sys [2011/02/24 15:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\PdaNet for Android [2 C:\Users\Chad\Desktop\*.tmp files -> C:\Users\Chad\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/03/22 09:28:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/03/22 09:21:24 | 010,885,230 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/03/22 09:21:23 | 003,817,338 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/03/22 09:19:57 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2011/03/22 09:17:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/03/22 09:17:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/03/22 09:17:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/03/22 09:16:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/03/22 09:16:26 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys [2011/03/22 08:26:05 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/03/22 08:23:59 | 001,006,764 | ---- | M] () -- C:\Users\Chad\Desktop\rkill.exe [2011/03/22 08:21:09 | 000,000,550 | ---- | M] () -- C:\Users\Chad\Desktop\fixme.bat [2011/03/22 08:18:46 | 000,013,326 | -HS- | M] () -- C:\Users\Chad\AppData\Local\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q 
[2011/03/22 08:18:46 | 000,013,326 | -HS- | M] () -- C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q [2011/03/21 23:52:24 | 000,003,374 | ---- | M] () -- C:\Users\Chad\Desktop\Attach.zip [2011/03/21 23:03:24 | 000,301,568 | ---- | M] () -- C:\Users\Chad\Desktop\kxw4ejdc.exe [2011/03/21 23:00:18 | 000,625,664 | ---- | M] () -- C:\Users\Chad\Desktop\dds.scr [2011/03/21 22:58:33 | 000,000,000 | ---- | M] () -- C:\Users\Chad\defogger_reenable [2011/03/21 22:57:00 | 000,050,477 | ---- | M] () -- C:\Users\Chad\Desktop\Defogger.exe [2011/03/21 21:05:45 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chad\Desktop\bill.exe.exe [2011/03/21 20:56:48 | 000,001,356 | ---- | M] () -- C:\Users\Chad\AppData\Local\d3d9caps.dat [2011/03/16 13:08:45 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011/03/02 13:39:13 | 000,172,634 | ---- | M] () -- C:\Users\Chad\Documents\ResumeChadKyleB.pdf [2011/02/24 15:39:31 | 000,000,840 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2 C:\Users\Chad\Desktop\*.tmp files -> C:\Users\Chad\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/03/22 09:16:26 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys [2011/03/22 08:26:05 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011/03/22 08:23:53 | 001,006,764 | ---- | C] () -- C:\Users\Chad\Desktop\rkill.exe [2011/03/22 08:21:09 | 000,000,550 | ---- | C] () -- C:\Users\Chad\Desktop\fixme.bat [2011/03/21 23:52:24 | 000,003,374 | ---- | C] () -- C:\Users\Chad\Desktop\Attach.zip [2011/03/21 23:03:12 | 000,301,568 | ---- | C] () -- C:\Users\Chad\Desktop\kxw4ejdc.exe [2011/03/21 23:00:15 | 000,625,664 | ---- | C] () -- C:\Users\Chad\Desktop\dds.scr [2011/03/21 22:58:33 | 000,000,000 | ---- | C] () -- C:\Users\Chad\defogger_reenable [2011/03/21 22:56:59 | 000,050,477 | ---- 
| C] () -- C:\Users\Chad\Desktop\Defogger.exe [2011/03/21 19:36:48 | 000,013,326 | -HS- | C] () -- C:\Users\Chad\AppData\Local\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q [2011/03/21 19:36:48 | 000,013,326 | -HS- | C] () -- C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q [2011/03/02 13:39:11 | 000,172,634 | ---- | C] () -- C:\Users\Chad\Documents\ResumeChadKyleB.pdf [2011/02/26 09:23:55 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011/02/26 09:23:55 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2011/02/26 09:23:54 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011/02/24 15:39:31 | 000,000,840 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk [2010/11/04 14:09:20 | 000,201,659 | ---- | C] () -- C:\Windows\hpoins43.dat [2010/08/22 18:41:53 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin [2009/10/22 14:48:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/10/22 14:48:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/06/24 15:17:39 | 000,000,552 | ---- | C] () -- C:\Users\Chad\AppData\Local\d3d8caps.dat [2009/05/22 04:25:35 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat [2009/04/08 17:16:53 | 000,020,480 | ---- | C] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/01/19 12:36:13 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll [2008/12/27 17:15:50 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2008/12/27 17:15:50 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2008/08/26 16:43:24 | 000,001,732 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\wklnhst.dat [2008/08/26 03:05:41 | 000,018,904 | 
---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/08/24 13:04:41 | 000,001,356 | ---- | C] () -- C:\Users\Chad\AppData\Local\d3d9caps.dat [2008/07/17 04:39:40 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll [2008/07/17 04:39:40 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll [2008/07/17 04:39:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll [2008/07/17 04:39:40 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll [2008/07/17 04:39:40 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll [2008/07/17 04:39:37 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008/07/17 02:01:57 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2008/07/17 02:01:57 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE [2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini [2008/02/03 18:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 07:47:37 | 000,382,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 05:33:01 | 010,885,230 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 05:33:01 | 003,817,338 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- 
C:\Windows\System32\pacerprf.ini [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2009/09/13 11:11:58 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\CanuckSoftware [2011/03/17 15:34:37 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/08/22 18:41:40 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Research In Motion [2010/09/25 17:35:27 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\StreamTorrent [2008/08/26 16:43:26 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Template [2011/03/21 19:39:40 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 81 bytes -> C:\Program Files\PlayersOnly Poker:MID < End of report > OTL Extras logfile created on: 3/22/2011 9:25:58 AM - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chad\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free 4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136.74 Gb Total Space | 81.28 Gb Free Space | 59.44% Space Free | Partition Type: NTFS Drive D: | 9.77 Gb Total Space | 5.63 Gb Free Space | 57.63% Space Free | Partition Type: NTFS Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3454773596-171055287-479412992-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{08C1CE3B-F0E6-441E-8D79-791355889234}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface | "{5A92C0E6-B56E-4822-89AF-CA1B226B3A7D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{8F347FCE-787A-4DF1-AEF7-91ABD2C974F0}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | "{F7CBEE7A-3C94-4414-B60C-69612851A2DF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0309CD3E-09D5-450E-8C1F-116C18DCAE67}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{13845598-BF7B-4275-8DDF-8B64B56C693A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{15A2A896-72F6-4395-9AA2-8C8D7F7C11D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{1687D305-0CC7-47DA-97DE-64DFE6C2EDC7}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{188B96D2-E6AA-42AF-8CC8-D163684B0368}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{362FFDEB-1AC6-43A4-AEE0-FE32B1D39F5E}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe | "{3D004155-C430-478A-8EFF-C5F849B039A0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{40E4FD14-FAEB-498B-BD21-EEB58EFFF60F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{52280234-3EF9-4AB1-8926-EF2E75C804C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{555EA2E9-C096-42E9-9451-78DE20DD8402}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{55C14AEA-6733-4740-BA51-42DE43455F88}" = 
protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{5C2DE200-7A79-41C7-95EB-858547BBC265}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | "{6099C691-DAFB-4069-B37D-E7C231DA60B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | "{66EFFA8B-E085-4DE4-BCDF-3E4BB0E948DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{6B6ED02F-19CB-489B-A54F-685663AD0B04}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{703A88B0-4543-454A-A069-FA8E894ABAE6}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe | "{704D56A9-473E-4C56-9BE4-7C0187C8189D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{741B51C4-45C8-45A7-81BA-3ED2B86A9CE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{786571C4-5214-498F-A109-D338B4AA47A3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{8560A8B2-C687-440B-98A1-9985D58D34EB}" = dir=in | app=c:\program files\itunes\itunes.exe | "{8AD552B8-B454-4C42-8A49-4523822B9D1E}" = dir=in | app=e:\setup\hpznui01.exe | "{92424740-EF7D-42AE-BDA8-D289FCF0E19F}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe | "{96547F59-63D2-43CB-A3AB-1B69CE5C4D83}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe | "{9AE23FCE-2AF7-4346-A433-0E904215F774}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "{AC6AFD2F-A186-42D5-884E-EDF8BDA7D483}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe | "{AE02D21E-F357-431F-9A94-EE5E2FBD96EC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | "{B153DA1B-4338-4081-89E1-389FAEAEC896}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{C877E1E3-3592-4BCE-AE1F-5A9119C4142D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe 
| "{DB0DB708-CBEB-4BF7-9E5B-D5D0979F3C29}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{E3A05A65-2A1D-4B54-B543-43D6EE9DEC1C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{EB7DD14A-13CD-4B39-A637-C954B4881273}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{FE877563-4379-4DDA-8450-27AE218FA86A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe | "TCP Query User{4A78B471-9E82-43BD-9E0D-3D1A3029E122}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | "TCP Query User{DE0F9706-17DF-4952-8F51-9020FF95B11B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{DE2C69B2-A266-4AE3-8E4E-994FA236A74E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "TCP Query User{E00B72BB-CA1E-4D9C-BC75-65C09BC1A863}C:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "TCP Query User{E8F97066-34A4-4EE3-994E-0B5899096A89}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | "UDP Query User{1BADA8E1-0477-4518-9B81-69DDADA3A580}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | "UDP Query User{88CA3D61-3BEC-4AFB-95FF-2713A25E52DA}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe | "UDP Query User{9B9BD43A-5EF9-482B-B65B-2F72862E9C99}C:\users\chad\appdata\roaming\macromedia\flash 
player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | "UDP Query User{CCCB5104-A031-4E0C-81FC-FB4DE6A9C4E8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "UDP Query User{E4AC50B7-2556-46C6-B2E6-D9A5E7984319}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 23 "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 
Client Profile "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet "{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network "{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0409-0000-0000000FF1CE}" = 
Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 
2007 "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700 "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1 "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9 "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp 
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center "{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool "781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0) "84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0) "8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Akamai" = Akamai NetSession Interface "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "ENTERPRISER" = Microsoft Office Enterprise 2007 "ExtegrityExam40" = Extegrity Exam 4.0 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "Google Updater" = Google Updater "GoToAssist" = GoToAssist 8.0.0.514 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Print Projects" = HP Print Projects 1.0 "HP Smart Web Printing" = HP Smart Web Printing 4.5 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in "Malwarebytes' Anti-Malware_is1" = Malwarebytes' 
Anti-Malware "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft Security Client" = Microsoft Security Essentials "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer "Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15) "Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US) "PdaNet_is1" = PdaNet for Android 2.45 "PrimoPDF4.1.0.9" = PrimoPDF "Shop for HP Supplies" = Shop for HP Supplies "StreamTorrent 1.0" = StreamTorrent 1.0 "TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin) "UPCShell" = LeapFrog Connect "Windows Media Encoder 9" = Windows Media Encoder 9 Series "Yahoo! Companion" = Yahoo! Toolbar ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3454773596-171055287-479412992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Move Media Player" = Move Media Player "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "Qedoc Quiz Player- Criminal procedure- 4th amendment" = Qedoc Quiz Player- Criminal procedure- 4th amendment ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 11/6/2010 8:06:43 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 25532169 Error - 11/6/2010 8:06:59 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/6/2010 8:06:59 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 25547769 Error - 11/6/2010 8:06:59 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 25547769 Error - 11/6/2010 8:07:15 AM | Computer Name = Chad-PC | Source = Bonjour 
Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/6/2010 8:07:15 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 25563432 Error - 11/6/2010 8:07:15 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 25563432 Error - 11/6/2010 8:07:30 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 11/6/2010 8:07:30 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 25579063 Error - 11/6/2010 8:07:30 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 25579063 [ Broadcom Wireless LAN Events ] Error - 1/30/2011 3:24:42 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0 Description = 13:24:42, Sun, Jan 30, 11 Error - Unable to gain access to user store Error - 1/30/2011 7:47:49 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0 Description = 17:47:48, Sun, Jan 30, 11 Error - Unable to gain access to user store Error - 2/5/2011 10:09:01 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0 Description = 20:09:00, Sat, Feb 05, 11 Error - Unable to gain access to user store Error - 2/5/2011 10:28:12 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0 Description = 20:28:12, Sat, Feb 05, 11 Error - Unable to gain access to user store Error - 2/11/2011 8:00:39 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0 Description = 18:00:38, Fri, Feb 11, 11 Error - Unable to gain access to user store Error - 2/12/2011 3:20:43 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0 Description = 13:20:43, Sat, Feb 12, 11 Error - Unable to gain access to user store Error - 3/11/2011 10:26:29 PM | 
Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0 Description = 20:26:29, Fri, Mar 11, 11 Error - Unable to gain access to user store Error - 3/11/2011 11:18:52 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0 Description = 21:18:51, Fri, Mar 11, 11 Error - Unable to gain access to user store Error - 3/18/2011 8:54:56 AM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0 Description = 07:54:56, Fri, Mar 18, 11 Error - Unable to gain access to user store Error - 3/18/2011 9:12:11 AM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0 Description = 08:12:11, Fri, Mar 18, 11 Error - Unable to gain access to user store [ OSession Events ] Error - 6/29/2009 9:36:36 AM | Computer Name = Chad-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. 
[ System Events ]
Error - 2/14/2009 3:31:07 AM | Computer Name = Chad-PC | Source = HTTP | ID = 15016
Description =

Error - 2/14/2009 3:32:43 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/14/2009 3:32:58 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/14/2009 3:32:58 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/14/2009 5:00:13 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/14/2009 5:00:14 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/14/2009 5:00:14 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/14/2009 5:01:14 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 2/14/2009 5:01:14 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 2/14/2009 5:01:14 AM | Computer Name = Chad-PC | Source = DCOM | ID = 10005
Description =

< End of report >
  5. I have the malware titled Vista Total Security. It has disabled my antiviruses (Avira & Microsoft Security Essentials). I am in safe mode w/ networking. I can download Malwarebytes, but I cannot install it. Here are my logs:

.
DDS (Ver_11-03-05.01) - NTFSx86 NETWORK
Run by Chad at 23:00:31.45 on Mon 03/21/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_23
Microsoft

Attach.zip