
Malwarebytes' Crashes after Scanning



I have installed and updated Malwarebytes' and used the full scan. It was able to detect at least 14 infected objects. However, the program crashed at that point and said it has "stopped working." I renamed the exe file to mpp but it still didn't work. Please help.

Problem signature:

Problem Event Name: APPCRASH

Application Name: mpp.exe

Application Version: 1.46.0.1

Application Timestamp: 4bd9ed9b

Fault Module Name: mbam.dll

Fault Module Version: 1.46.0.0

Fault Module Timestamp: 4bd9baec

Exception Code: c0000005

Exception Offset: 0001fffe

OS Version: 6.0.6001.2.1.0.768.2

Locale ID: 1033

Additional Information 1: ce5d

Additional Information 2: 782fbcb50845c7c84dd3b3fc57d46cb1

Additional Information 3: 427a

Additional Information 4: 46131c3b9fdb41bd399f2b9b89745d44


Hello,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log


Hi Elise,

Thanks for your help! Here is what you requested:

OTL.Txt

OTL logfile created on: 8/15/2010 6:46:36 AM - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\francis\Desktop\Downloads

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 60.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 99.21 Gb Total Space | 8.49 Gb Free Space | 8.56% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.78 Gb Free Space | 57.79% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CIPD-PC

Current User Name: francis

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/15 06:45:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\francis\Desktop\Downloads\OTL.exe

PRC - [2010/08/07 09:37:52 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

PRC - [2010/07/22 19:06:53 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/06/11 19:45:06 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe

PRC - [2010/06/11 19:44:32 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe

PRC - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2010/04/27 22:05:14 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/04/20 18:32:36 | 014,194,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SoftwareDistribution\Download\Install\NDP1.1sp1-KB979906-X86.exe

PRC - [2010/03/05 19:42:06 | 000,272,840 | ---- | M] (2X Software Ltd.) -- C:\Program Files\2X\Client\TUXCredProv.exe

PRC - [2010/02/19 20:27:16 | 000,974,848 | ---- | M] (Spigot, Inc.) -- C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe

PRC - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe

PRC - [2009/07/27 17:19:10 | 000,199,184 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

PRC - [2009/07/06 18:07:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

PRC - [2009/02/06 01:00:00 | 000,843,776 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe

PRC - [2009/01/12 10:54:02 | 000,669,520 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe

PRC - [2008/11/16 23:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFHA.EXE

PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/10/02 09:23:16 | 000,546,288 | ---- | M] (Google) -- C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe

PRC - [2008/09/09 10:33:12 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

PRC - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe

PRC - [2008/02/26 09:26:02 | 000,132,376 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe

PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2008/01/19 00:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2008/01/19 00:33:28 | 001,169,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe

PRC - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2007/07/26 20:52:58 | 000,030,208 | ---- | M] (Q9 Technology Company Limited.) -- C:\Program Files\Q9VSB5\qtrayime.exe

PRC - [2007/07/25 14:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

PRC - [2007/07/25 14:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2007/06/27 03:17:02 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

PRC - [2007/06/27 03:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/05/21 01:37:00 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE

PRC - [2007/04/27 06:34:18 | 001,123,872 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2007/04/16 14:10:26 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe

PRC - [2007/03/15 10:09:36 | 000,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe

PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe

PRC - [2006/11/03 16:02:14 | 000,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe

PRC - [2006/11/02 05:34:44 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe

PRC - [2005/08/24 16:25:00 | 000,101,080 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Location Finder\LocationFinder.exe

========== Modules (SafeList) ==========

MOD - [2010/08/15 06:45:38 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\francis\Desktop\Downloads\OTL.exe

MOD - [2010/07/14 13:30:14 | 000,018,688 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll

MOD - [2008/01/19 00:36:24 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc_os.dll

MOD - [2008/01/19 00:35:10 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll

MOD - [2008/01/19 00:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx

MOD - [2008/01/19 00:26:34 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll

MOD - [2006/11/02 02:46:13 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.dll

MOD - [2006/11/02 02:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)

SRV - [2010/08/07 09:37:52 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)

SRV - [2010/06/11 19:45:06 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)

SRV - [2010/05/20 17:19:16 | 000,088,176 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®

SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/05 19:42:06 | 000,272,840 | ---- | M] () [Auto | Running] -- C:\Program Files\2X\Client\\TUXCredProv.exe -- (2X SSO Service)

SRV - [2010/02/19 19:43:34 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)

SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)

SRV - [2008/08/11 12:41:00 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/09/12 17:27:24 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2007/09/12 17:27:24 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2007/07/25 14:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2007/07/25 14:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2007/06/27 03:17:00 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2007/03/19 10:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2010/06/11 19:44:44 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2008/01/18 22:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2007/10/22 23:45:57 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2007/10/22 23:45:57 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2007/10/22 23:45:57 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/08/13 02:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/06/27 03:17:04 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/06/25 02:13:14 | 007,110,880 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/06/03 22:21:04 | 000,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2007/05/23 14:26:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)

DRV - [2007/05/10 23:40:28 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2007/05/09 05:46:12 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/05/09 05:46:08 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/05/09 05:46:08 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/05/09 04:22:56 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)

DRV - [2007/04/28 22:24:30 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2007/04/28 22:24:28 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2007/04/28 22:24:28 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2007/04/28 22:24:28 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)

DRV - [2007/02/25 10:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2006/11/02 02:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 02:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 02:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 02:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 02:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 02:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 02:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 02:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 02:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 02:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 02:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 02:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 02:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 02:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 02:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 02:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 02:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 02:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/11/02 00:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2006/11/02 00:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com

IE - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]

IE - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll (Spigot, Inc.)

IE - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134"

FF - prefs.js..browser.search.selectedEngine: "Yahoo"

FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3

FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:1.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p="

FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/27 22:06:27 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/09 09:36:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/07 22:51:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/09 13:22:43 | 000,000,000 | ---D | M]

[2010/07/31 18:54:33 | 000,000,000 | ---D | M] -- C:\Users\francis\AppData\Roaming\mozilla\Extensions

[2010/08/14 23:26:24 | 000,000,000 | ---D | M] -- C:\Users\francis\AppData\Roaming\mozilla\Firefox\Profiles\slxmvuf7.default\extensions

[2010/07/31 18:55:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\francis\AppData\Roaming\mozilla\Firefox\Profiles\slxmvuf7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/08/09 13:23:32 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\francis\AppData\Roaming\mozilla\Firefox\Profiles\slxmvuf7.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/08/08 07:29:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\francis\AppData\Roaming\mozilla\Firefox\Profiles\slxmvuf7.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010/08/14 23:26:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2008/06/28 20:49:17 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2008/09/03 07:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/08/09 13:22:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2008/01/22 23:20:30 | 000,491,520 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/08/12 20:33:28 | 000,006,836 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.1.1 www.nod32-es.com

O1 - Hosts: 127.0.1.1 nod32-es.com

O1 - Hosts: 127.0.1.1 www.nod32-a.com

O1 - Hosts: 127.0.1.1 nod32-a.com

O1 - Hosts: 127.0.1.1 u21.eset.com

O1 - Hosts: 127.0.1.1 u22.eset.com

O1 - Hosts: 127.0.1.1 u23.eset.com

O1 - Hosts: 127.0.1.1 u24.eset.com

O1 - Hosts: 127.0.1.1 u25.eset.com

O1 - Hosts: 127.0.1.1 u26.eset.com

O1 - Hosts: 127.0.1.1 u27.eset.com

O1 - Hosts: 127.0.1.1 u28.eset.com

O1 - Hosts: 127.0.1.1 u29.eset.com

O1 - Hosts: 127.0.1.1 u30.eset.com

O1 - Hosts: 127.0.1.1 u31.eset.com

O1 - Hosts: 127.0.1.1 u32.eset.com

O1 - Hosts: 127.0.1.1 u33.eset.com

O1 - Hosts: 127.0.1.1 u34.eset.com

O1 - Hosts: 127.0.1.1 u35.eset.com

O1 - Hosts: 127.0.1.1 u36.eset.com

O1 - Hosts: 127.0.1.1 u37.eset.com

O1 - Hosts: 127.0.1.1 u38.eset.com

O1 - Hosts: 127.0.1.1 u39.eset.com

O1 - Hosts: 127.0.1.1 u40.eset.com

O1 - Hosts: 127.0.1.1 u41.eset.com

O1 - Hosts: 515 more lines...

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O2 - BHO: (Yahooo Search Protection) - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\YouTube Downloader Toolbar\SearchSettings.dll (Spigot, Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)

O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )

O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [iJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [searchSettings] C:\Program Files\YouTube Downloader Toolbar\SearchSettings.exe (Spigot, Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)

O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000..\Run: [Aim6] File not found

O4 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000..\Run: [Microsoft Location Finder] C:\Program Files\Microsoft Location Finder\LocationFinder.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000..\Run: [search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe File not found

O4 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000..\Run: [WorkForce 310(??)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFHA.EXE (SEIKO EPSON CORPORATION)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)

O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)

O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)

O9 - Extra Button: HP ????? - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-1344416606-2898777841-2257042528-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\francis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\francis\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{068226b5-50e4-11dd-88f5-001c23a4ae3c}\Shell\AutoRun\command - "" = F:\ji83j.exe -- File not found

O33 - MountPoints2\{068226b5-50e4-11dd-88f5-001c23a4ae3c}\Shell\open\Command - "" = F:\ji83j.exe -- File not found

O33 - MountPoints2\{14dd8f58-538d-11de-9596-001c23a4ae3c}\Shell\verb1\command - "" = Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.BAT

O33 - MountPoints2\{2232c1b7-bd15-11de-878c-001c23a4ae3c}\Shell\AutoRun\command - "" = F:\wkimt.exe -- File not found

O33 - MountPoints2\{2232c1b7-bd15-11de-878c-001c23a4ae3c}\Shell\open\Command - "" = F:\wkimt.exe -- File not found

O33 - MountPoints2\{22d7fb9b-3004-11dd-962a-001c23a4ae3c}\Shell\AutoRun\command - "" = F:\tasumae\2349284.exe -- File not found

O33 - MountPoints2\{22d7fb9b-3004-11dd-962a-001c23a4ae3c}\Shell\explore\command - "" = F:\tasumae\2349284.exe -- File not found

O33 - MountPoints2\{22d7fb9b-3004-11dd-962a-001c23a4ae3c}\Shell\open\command - "" = F:\tasumae\2349284.exe -- File not found

O33 - MountPoints2\{38bcd87a-1a4a-11dd-a0b6-001c23a4ae3c}\Shell\AutoRun\command - "" = F:\2ul.exe -- File not found

O33 - MountPoints2\{38bcd87a-1a4a-11dd-a0b6-001c23a4ae3c}\Shell\open\Command - "" = F:\2ul.exe -- File not found

O33 - MountPoints2\{51718ff8-0db0-11dd-9d31-001c23a4ae3c}\Shell\verb1\command - "" = F:\Thumbs.dn\1.{3aea-1069-a2de-08002b30309d}\Thumbs.BAT -- File not found

O33 - MountPoints2\{89743475-f93c-11dc-b471-806e6f6e6963}\Shell\0\Command - "" = .\RECYCLER\UExecute.exe

O33 - MountPoints2\{89743475-f93c-11dc-b471-806e6f6e6963}\Shell\1\Command - "" = .\RECYCLER\UExecute.exe

O33 - MountPoints2\{9306d3c0-3e19-11dd-9439-001c23a4ae3c}\Shell\AutoRun\command - "" = F:\dp.exe -- File not found

O33 - MountPoints2\{9306d3c0-3e19-11dd-9439-001c23a4ae3c}\Shell\explore\Command - "" = F:\dp.exe -- File not found

O33 - MountPoints2\{9306d3c0-3e19-11dd-9439-001c23a4ae3c}\Shell\open\Command - "" = F:\dp.exe -- File not found

O33 - MountPoints2\{988b3ea2-e1a1-11de-b9aa-001c23a4ae3c}\Shell\AutoRun\command - "" = F:\pkxfkrki.bat -- File not found

O33 - MountPoints2\{988b3ea2-e1a1-11de-b9aa-001c23a4ae3c}\Shell\explore\Command - "" = F:\pkxfkrki.bat -- File not found

O33 - MountPoints2\{988b3ea2-e1a1-11de-b9aa-001c23a4ae3c}\Shell\open\Command - "" = F:\pkxfkrki.bat -- File not found

O33 - MountPoints2\{a096321d-f902-11dc-86aa-001c23a4ae3c}\Shell\AutoRun\command - "" = F:\31n3b2h.exe -- File not found

O33 - MountPoints2\{a096321d-f902-11dc-86aa-001c23a4ae3c}\Shell\explore\Command - "" = F:\31n3b2h.exe -- File not found

O33 - MountPoints2\{a096321d-f902-11dc-86aa-001c23a4ae3c}\Shell\open\Command - "" = F:\31n3b2h.exe -- File not found

O33 - MountPoints2\{a274a82c-1347-11df-84ff-001c23a4ae3c}\Shell\AutoRun\command - "" = F:\g8k.exe -- File not found

O33 - MountPoints2\{a274a82c-1347-11df-84ff-001c23a4ae3c}\Shell\open\Command - "" = F:\g8k.exe -- File not found

O33 - MountPoints2\{a5f5cf6a-9338-11dd-9729-001c23a4ae3c}\Shell\AutoRun\command - "" = F:\l61yyp.exe -- File not found

O33 - MountPoints2\{a5f5cf6a-9338-11dd-9729-001c23a4ae3c}\Shell\open\Command - "" = F:\l61yyp.exe -- File not found

O33 - MountPoints2\{d58905dd-3ffd-11dd-a98f-001c23a4ae3c}\Shell - "" = AutoRun

O33 - MountPoints2\{d58905dd-3ffd-11dd-a98f-001c23a4ae3c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\{e2fac5dd-ea64-11de-87e1-001c23a4ae3c}\Shell\AutoRun\command - "" = F:\1j038ki.exe -- File not found

O33 - MountPoints2\{e2fac5dd-ea64-11de-87e1-001c23a4ae3c}\Shell\open\Command - "" = F:\1j038ki.exe -- File not found

O33 - MountPoints2\{f2e1b5d4-8434-11dc-9198-001c23a4ae3c}\Shell - "" = AutoRun

O33 - MountPoints2\{f2e1b5d4-8434-11dc-9198-001c23a4ae3c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O33 - MountPoints2\{f819af3e-8694-11de-94d6-001c23a4ae3c}\Shell - "" = AutoRun

O33 - MountPoints2\{f819af3e-8694-11de-94d6-001c23a4ae3c}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/08/15 00:00:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010/08/15 00:00:15 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010/08/15 00:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/08/10 22:04:32 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll

[2010/08/10 22:04:30 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2010/08/10 22:04:25 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010/08/10 22:04:25 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2010/08/10 22:04:25 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2010/08/10 22:04:24 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010/08/10 22:04:24 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010/08/10 22:04:24 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010/08/10 22:04:24 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll

[2010/08/10 22:04:24 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010/08/10 22:04:23 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010/08/10 22:04:16 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010/08/10 22:04:14 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll

[2010/08/10 22:04:10 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010/08/10 22:04:10 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010/08/10 10:09:15 | 000,000,000 | RHSD | C] -- C:\RECYCLER

[2010/08/09 13:23:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2010/08/09 13:22:43 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2010/08/09 13:22:43 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/08/09 13:22:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/08/09 13:22:43 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/08/08 07:45:10 | 000,000,000 | ---D | C] -- C:\Users\francis\dwhelper

[2010/08/07 09:31:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\cyc 2010

[2010/07/23 10:04:43 | 000,000,000 | ---D | C] -- C:\Program Files\NOS

[2010/07/16 13:57:42 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur

[4 C:\Users\francis\Documents\*.tmp files -> C:\Users\francis\Documents\*.tmp -> ]

[15 C:\Users\francis\Desktop\*.tmp files -> C:\Users\francis\Desktop\*.tmp -> ]

[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/15 06:53:41 | 005,505,024 | -HS- | M] () -- C:\Users\francis\ntuser.dat

[2010/08/15 06:50:00 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E127DD84-E916-42F4-8AED-8B33BB97CB77}.job

[2010/08/15 06:43:20 | 000,715,876 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/08/15 06:43:20 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/08/15 06:43:20 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/08/15 06:39:50 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2010/08/15 06:37:40 | 000,253,961 | ---- | M] () -- C:\Users\francis\AppData\Roaming\nvModes.001

[2010/08/15 06:36:32 | 000,002,337 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\??????.lnk

[2010/08/15 06:36:23 | 000,002,485 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk

[2010/08/15 06:36:13 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/08/15 06:35:45 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/08/15 06:35:44 | 000,003,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/08/15 06:35:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/08/15 06:35:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/08/15 06:35:10 | 2145,583,104 | -HS- | M] () -- C:\hiberfil.sys

[2010/08/15 01:26:26 | 000,524,288 | -HS- | M] () -- C:\Users\francis\ntuser.dat{bcfaa37a-902b-11df-9aeb-001c23a4ae3c}.TMContainer00000000000000000001.regtrans-ms

[2010/08/15 01:26:26 | 000,065,536 | -HS- | M] () -- C:\Users\francis\ntuser.dat{bcfaa37a-902b-11df-9aeb-001c23a4ae3c}.TM.blf

[2010/08/15 01:25:49 | 001,906,954 | -H-- | M] () -- C:\Users\francis\AppData\Local\IconCache.db

[2010/08/15 01:20:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/08/15 00:05:36 | 000,000,820 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/14 23:52:20 | 000,253,961 | ---- | M] () -- C:\Users\francis\AppData\Roaming\nvModes.dat

[2010/08/14 23:24:45 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null

[2010/08/14 09:19:05 | 000,025,088 | ---- | M] () -- C:\Users\francis\Documents\Problem signature malware problem.doc

[2010/08/12 20:33:28 | 000,006,836 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2010/08/11 21:12:51 | 000,000,000 | ---- | M] () -- C:\Windows\EEventManager.INI

[2010/08/11 21:08:33 | 000,162,816 | ---- | M] () -- C:\Users\francis\Documents\malwarebyets.doc

[2010/08/11 21:08:33 | 000,000,162 | -H-- | M] () -- C:\Users\francis\Documents\~$lwarebyets.doc

[2010/08/11 10:10:42 | 004,818,944 | ---- | M] () -- C:\Users\francis\Desktop\CYC 8-11-10.ppt

[2010/08/11 03:26:32 | 000,406,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/08/09 09:41:48 | 000,007,592 | ---- | M] () -- C:\Users\francis\AppData\Local\d3d9caps.dat

[2010/08/09 07:14:12 | 000,108,032 | ---- | M] () -- C:\Users\francis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/08/09 05:17:52 | 000,000,930 | ---- | M] () -- C:\Users\francis\Desktop\Light of the World Mandarin Chinese Part 1 - Shortcut.lnk

[2010/08/07 16:24:32 | 000,000,921 | ---- | M] () -- C:\Users\francis\Desktop\YouTube Downloader.lnk

[2010/08/07 16:07:34 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{40cdfc9a-a240-11df-bc32-001c23a4ae3c}.TMContainer00000000000000000002.regtrans-ms

[2010/08/07 16:07:34 | 000,524,288 | -HS- | M] () -- C:\ProgramData\ntuser.dat{40cdfc9a-a240-11df-bc32-001c23a4ae3c}.TMContainer00000000000000000001.regtrans-ms

[2010/08/07 16:07:34 | 000,262,144 | ---- | M] () -- C:\ProgramData\ntuser.dat

[2010/08/07 16:07:34 | 000,065,536 | -HS- | M] () -- C:\ProgramData\ntuser.dat{40cdfc9a-a240-11df-bc32-001c23a4ae3c}.TM.blf

[2010/08/07 09:55:23 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI

[2010/08/06 18:22:27 | 010,407,936 | ---- | M] () -- C:\Users\francis\Documents\CYC 2010 songs.ppt

[2010/08/01 08:25:11 | 000,000,395 | ---- | M] () -- C:\Users\francis\Documents\Pictures - Shortcut.lnk

[2010/07/31 18:54:14 | 000,001,750 | ---- | M] () -- C:\Users\francis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/07/31 18:54:14 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/07/27 12:57:39 | 000,182,784 | ---- | M] () -- C:\Users\francis\Desktop\Bay Area schools latest xml(2).xls

[2010/07/17 05:00:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2010/07/17 05:00:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2010/07/17 05:00:10 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[4 C:\Users\francis\Documents\*.tmp files -> C:\Users\francis\Documents\*.tmp -> ]

[15 C:\Users\francis\Desktop\*.tmp files -> C:\Users\francis\Desktop\*.tmp -> ]

[1 C:\Users\Public\Documents\*.tmp files -> C:\Users\Public\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/15 00:00:20 | 000,000,820 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/14 23:50:09 | 2145,583,104 | -HS- | C] () -- C:\hiberfil.sys

[2010/08/14 09:19:05 | 000,025,088 | ---- | C] () -- C:\Users\francis\Documents\Problem signature malware problem.doc

[2010/08/11 21:12:51 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI

[2010/08/11 21:08:33 | 000,162,816 | ---- | C] () -- C:\Users\francis\Documents\malwarebyets.doc

[2010/08/11 21:08:33 | 000,000,162 | -H-- | C] () -- C:\Users\francis\Documents\~$lwarebyets.doc

[2010/08/11 09:50:06 | 004,818,944 | ---- | C] () -- C:\Users\francis\Desktop\CYC 8-11-10.ppt

[2010/08/09 05:17:52 | 000,000,930 | ---- | C] () -- C:\Users\francis\Desktop\Light of the World Mandarin Chinese Part 1 - Shortcut.lnk

[2010/08/07 16:24:32 | 000,000,921 | ---- | C] () -- C:\Users\francis\Desktop\YouTube Downloader.lnk

[2010/08/07 16:07:34 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{40cdfc9a-a240-11df-bc32-001c23a4ae3c}.TMContainer00000000000000000002.regtrans-ms

[2010/08/07 16:07:34 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{40cdfc9a-a240-11df-bc32-001c23a4ae3c}.TMContainer00000000000000000001.regtrans-ms

[2010/08/07 16:07:33 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat

[2010/08/07 16:07:33 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{40cdfc9a-a240-11df-bc32-001c23a4ae3c}.TM.blf

[2010/08/07 16:07:33 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1

[2010/08/07 16:07:33 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2

[2010/08/05 12:57:45 | 010,407,936 | ---- | C] () -- C:\Users\francis\Documents\CYC 2010 songs.ppt

[2010/08/01 08:25:11 | 000,000,395 | ---- | C] () -- C:\Users\francis\Documents\Pictures - Shortcut.lnk

[2010/07/31 18:54:14 | 000,001,750 | ---- | C] () -- C:\Users\francis\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/07/31 18:54:14 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/07/31 18:33:46 | 000,028,160 | ---- | C] () -- C:\Users\francis\Documents\legal terms.doc

[2010/07/27 11:15:32 | 000,182,784 | ---- | C] () -- C:\Users\francis\Desktop\Bay Area schools latest xml(2).xls

[2010/04/20 07:05:55 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI

[2010/02/07 20:29:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini

[2010/02/07 20:22:27 | 000,000,079 | ---- | C] () -- C:\Windows\EPWF310.ini

[2010/01/14 10:56:30 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/07/30 18:58:42 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini

[2009/01/31 18:05:08 | 000,000,035 | ---- | C] () -- C:\Windows\System32\QTRAYIME.INI

[2008/09/08 11:13:17 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini

[2008/06/13 07:22:38 | 000,108,032 | ---- | C] () -- C:\Windows\System32\sh33w32.dll

[2007/10/29 07:17:00 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI

[2007/10/22 23:46:28 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2007/10/22 23:46:15 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/08/06 12:07:30 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll

[2007/07/25 14:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\francis\Documents\MOV00842.MPG:TOC.WMV

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

EXTRAS.TXT

OTL Extras logfile created on: 8/15/2010 6:46:36 AM - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\francis\Desktop\Downloads

Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6001.18000)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 25.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 60.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 99.21 Gb Total Space | 8.49 Gb Free Space | 8.56% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.78 Gb Free Space | 57.79% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: CIPD-PC

Current User Name: francis

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1344416606-2898777841-2257042528-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"UacDisableNotify" = 1

"InternetSettingsDisableNotify" = 1

"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{09597CD4-32A0-48A6-AD87-A3430B17254F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{10E89C6D-D4B6-4B17-9E9F-476F3BF825F2}" = rport=445 | protocol=6 | dir=out | app=system |

"{1EE02E7A-A88C-4F76-8CB0-3F6241AF24F3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{30E888AB-40EC-492F-B577-943E8653EA35}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{32BD88C2-7A74-4941-A785-C25049660653}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{3EF5A9E4-67B7-40A6-B700-1A89BB170A17}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{4283A42C-2FB0-410F-97C6-5E223B4D1601}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

"{4B2ABA4E-072C-4428-A2B7-FCB3FED71B68}" = lport=2869 | protocol=6 | dir=in | app=system |

"{58FFD519-DE73-47AA-AED5-D2C661F6E217}" = lport=137 | protocol=17 | dir=in | app=system |

"{594A15AC-D302-4D57-B8FC-2F83BED93EB3}" = lport=138 | protocol=17 | dir=in | app=system |

"{638D64A5-EC93-4811-92D2-C3F22EEC38E7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{700A1AC6-87FD-4588-A635-C7C3288145DE}" = rport=138 | protocol=17 | dir=out | app=system |

"{743A9273-F7B9-4658-A659-08BF7FCB06E6}" = lport=445 | protocol=6 | dir=in | app=system |

"{760A4534-A2A5-46F7-A884-E9FE79C7D472}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{790D0921-067A-4295-8A09-0384307080BA}" = lport=139 | protocol=6 | dir=in | app=system |

"{81CF6725-20D5-42FC-8C01-A6A5F44D6358}" = rport=137 | protocol=17 | dir=out | app=system |

"{89983DAA-01C5-4ADD-BCDF-5CD508436178}" = rport=139 | protocol=6 | dir=out | app=system |

"{A01C762B-EEBF-45B1-B4A1-6DE372D12D1C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{D0BF56FB-5352-48AA-89BA-026980E9E8AE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{D5FBCA5E-ABA6-48BC-BCB9-16FED2FD1765}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{030B4C99-B7E7-48AD-9EE8-6ED26930243F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{03A5109C-D3B0-4E88-8557-79E640383498}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{076B8701-D00C-4B99-B1F8-8BAE3254806C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"{0FA3B07F-9642-4AD5-92A7-395D69D81866}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |

"{0FCAA02B-19C4-4A5D-91AC-D2A754796DA6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{3B0A1FD2-6929-4235-AD29-0207D931D4C2}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"{3C3859EB-744F-44F5-896C-AACDB2883FB9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"{48304E0C-2E88-4247-93FC-BBB2BCD4E001}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"{4881B9B8-86C3-4CB3-BAC4-03B7CCE5B87A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{615F72B9-F52E-4B2A-B365-084C642C3155}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{71AF3EA1-8259-408E-8E6F-4FBAB9FAE418}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{791295D8-C648-44EE-881F-BA36E46D9D1E}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |

"{7FCA0550-3A03-472F-AC9C-8BA672D04AAF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"{94BB5FE1-833D-4E87-A0B4-44E926502A4A}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool09\eneasyapp.exe |

"{A289A1EA-47C1-4EC8-9A16-0D7FF885398F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

"{B876D715-6801-4F8E-8B1F-9BB8AD70D885}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |

"{C33D0EFE-30F5-455A-BFA2-DB30E2632FCF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

"{C346E8B2-5EDD-4AB0-9B7B-F6CFEA7B6F9F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |

"{C3FACA8A-19E7-4945-BA42-43246B808927}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |

"{E1505F88-CD53-4D45-B7BE-FE3DCFB0869E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{E76795CD-9DE0-42AF-8D36-9A0EFA961F60}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{EF197D37-7517-4CD1-8A08-C4150EF649E6}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |

"{F1C0E7A8-00F0-469B-8E8A-BD7898810EDB}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{F54984CF-1816-4404-B548-F9C8F9BB058F}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |

"{FC5F6A90-BE1E-4023-8CE0-63AE766CB2C2}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{15A2E846-2C03-4D03-B5E1-047E89607577}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{2440C9ED-7EB6-4E2C-B11C-088D950885C7}C:\program files\2x\client\appserverclient.exe" = protocol=6 | dir=in | app=c:\program files\2x\client\appserverclient.exe |

"TCP Query User{30DB92E0-ABB7-412E-8845-FD5B2967C504}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

"TCP Query User{56863235-A902-491A-83B0-7C0FDF3CC1B9}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"TCP Query User{59A35B62-9921-4B9C-9754-222212B015F0}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{65A40698-2F1A-484E-BF31-5FC67E1C6E36}C:\program files\2x\client\tsclient.exe" = protocol=6 | dir=in | app=c:\program files\2x\client\tsclient.exe |

"TCP Query User{6B4CCB39-8EFD-494C-9A14-B158E897E8F3}C:\program files\2x\client\tsclient.exe" = protocol=6 | dir=in | app=c:\program files\2x\client\tsclient.exe |

"TCP Query User{B24F01D6-66D4-4999-B378-2D8134844719}C:\program files\qvodplayer\qvodterminal.exe" = protocol=6 | dir=in | app=c:\program files\qvodplayer\qvodterminal.exe |

"TCP Query User{BAB98C84-5C1D-4A66-BBDF-0BB4A0EC9D9A}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"TCP Query User{CCE5E1F1-6AC5-4D7B-BF73-DADB710D14E9}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

"TCP Query User{ECEB2D5D-FDBB-467F-9763-663011399E7A}C:\program files\2x\client\appserverclient.exe" = protocol=6 | dir=in | app=c:\program files\2x\client\appserverclient.exe |

"UDP Query User{2251E18C-FEC0-4369-B1E1-5ED63B8F8BAD}C:\program files\2x\client\appserverclient.exe" = protocol=17 | dir=in | app=c:\program files\2x\client\appserverclient.exe |

"UDP Query User{35DC59E0-0483-4594-9B0E-EDD03B13092C}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{364849FB-C6D0-4438-A88E-44CA2A779494}C:\program files\qvodplayer\qvodterminal.exe" = protocol=17 | dir=in | app=c:\program files\qvodplayer\qvodterminal.exe |

"UDP Query User{50722B67-020E-470E-BFFF-2AB0537DA48A}C:\program files\2x\client\appserverclient.exe" = protocol=17 | dir=in | app=c:\program files\2x\client\appserverclient.exe |

"UDP Query User{8E17871D-9E00-42A5-B117-7EE9DBE08A38}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

"UDP Query User{A186EDA4-71AF-4C4E-B501-B0CEE4D9B3AE}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{A8EAD2FB-4099-43D4-9FD8-133A9A4B03D2}C:\program files\2x\client\tsclient.exe" = protocol=17 | dir=in | app=c:\program files\2x\client\tsclient.exe |

"UDP Query User{B7C84133-9C49-4B24-91E4-1163163B6060}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |

"UDP Query User{C091090A-E7E6-46F2-B536-1CA66936346E}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

"UDP Query User{DE6DF385-3CAE-4BCD-B816-13D4358B0471}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |

"UDP Query User{EBBB887B-805F-4356-8480-B4F3C698D430}C:\program files\2x\client\tsclient.exe" = protocol=17 | dir=in | app=c:\program files\2x\client\tsclient.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{004098A1-0362-4C42-A1C3-CAD436CFF4A1}" = YouTube Downloader Toolbar v1.0

"{06040048-3E21-46D6-9A91-D927BA08F41D}" = Microsoft Encarta Encyclopedia Standard 2006

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{07620C4F-0964-4086-A872-C9C12E418E52}" = DJ_SF_03_D4300_Software

"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility

"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = QualxServ Service Agreement

"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP480_series" = Canon MP480 series MP Drivers

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX860_series" = Canon MX860 series MP Drivers

"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update

"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{17E3A651-12B9-4149-BAE8-E6FB9A5ADC4F}" = Microsoft Works Suite Add-in for Microsoft Word

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.5.7

"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 21

"{2B6E2126-4438-4CF1-BDDE-3C4355092860}" = Pradis Do Not Remove

"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)

"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE

"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant

"{387D9916-BD27-480f-8CF0-3228832BBAA2}" = HP Deskjet D4300 Printer Driver Software 10.0 Rel .3

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{466D8AE7-ABED-4C57-B7F4-1FC799D7DF7A}" = ??VS???(32Bit)

"{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC

"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp

"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides

"{5D95AD35-368F-47D5-B63A-A082DDF00116}" = Microsoft Digital Image Standard 2006 Editor

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI

"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder

"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm

"{691F4068-81BF-49E3-B32E-FE3E16400112}" = Microsoft Digital Image Standard 2006 Library

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6A931D08-D844-4793-B67D-D8B19420B99C}" = 2X Client

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder

"{73568F76-7A37-9DB4-73B1-11DCF1A2FC52}" = FOX News Live Stream

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)

"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet

"{7F4BD545-3446-4845-BAE8-F142A3178FD6}" = Pradis: Creative Bible Lessons

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006

"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8B0A7592-2AE0-48EA-A327-6EB7DAB25E4A}" = DJ_SF_03_D4300_Software_Min

"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr

"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_PUBLISHERR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_PUBLISHERR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_PUBLISHERR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_PUBLISHERR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_PUBLISHERR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{91120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0019-0000-0000-0000000FF1CE}_PUBLISHERR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup

"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect

"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder

"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker

"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter

"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)

"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3

"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player

"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply

"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch

"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)

"{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade

"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01

"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E60A3FF1-856E-4DD2-BFC6-FD9B976FE1C5}" = DJ_SF_03_D4300_ProductContext

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)

"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore

"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"AIM_6" = AIM 6

"Audacity_is1" = Audacity 1.2.6

"Canon MP480 series User Registration" = Canon MP480 series User Registration

"Canon MX860 series User Registration" = Canon MX860 series User Registration

"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility

"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool

"CanonMyPrinter" = Canon Utilities My Printer

"CanonSolutionMenu" = Canon Utilities Solution Menu

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivXLand Media Subtitler" = DivXLand Media Subtitler

"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX

"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver

"EPSON Scanner" = EPSON Scan

"EPSON WorkForce 310 Series" = EPSON WorkForce 310 Series Printer Uninstall

"FoxPlayerAIR.01F2E49DE175CC541F416F2DF78BDD5E63AD0096.1" = FOX News Live Stream

"Google Calendar Sync" = Google Calendar Sync

"Google Desktop" = Google Desktop

"Google Updater" = Google Updater

"Gramrw32" = Grammar for the Real World

"HP Imaging Device Functions" = HP Imaging Device Functions 10.0

"HP Photosmart Essential" = HP Photosmart Essential 2.5

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0

"HPExtendedCapabilities" = HP Customer Participation Program 10.0

"InstallShield_{7F4BD545-3446-4845-BAE8-F142A3178FD6}" = Pradis: Creative Bible Lessons

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"Macromedia Shockwave Player" = Macromedia Shockwave Player

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"McAfee Security Scan" = McAfee Security Scan

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Money2006b" = Microsoft Money 2006

"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)

"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0

"MP Navigator EX 2.1" = Canon MP Navigator EX 2.1

"NET_Bible_Html_Help_1.0" = NET Bible First Edition 1.0

"NVIDIA Drivers" = NVIDIA Drivers

"Picasa 3" = Picasa 3

"PictureItPrem_v11" = Microsoft Digital Image Standard 2006

"PrimoPDF" = PrimoPDF -- by Nitro PDF Software

"ProInst" = Intel® PROSet/Wireless Software

"PUBLISHERR" = Microsoft Office Publisher 2007

"RealPlayer 12.0" = RealPlayer

"Shop for HP Supplies" = Shop for HP Supplies

"SynTPDeinstKey" = Dell Touchpad

"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine

"ViewpointMediaPlayer" = Viewpoint Media Player

"WinLiveSuite_Wave3" = Windows Live Essentials

"Works2006Setup" = Microsoft Works Suite 2006 Setup Launcher

"Yahoo! Companion" = Yahoo! Toolbar

"Yahoo! Extras" = Yahoo! Browser Services

"Yahoo! Mail" = Yahoo! Internet Mail

"Yahoo! Mail Advisor" = Yahoo! Mail Advisor

"Yahoo! Messenger" = Yahoo! Messenger

"Yahoo! Search Defender" = Yahoo! Search Protection

"Yahoo! Software Update" = Yahoo! Software Update

"YInstHelper" = Yahoo! Install Manager

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1344416606-2898777841-2257042528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 8/15/2010 9:50:28 AM | Computer Name = CIPD-PC | Source = MsiInstaller | ID = 1024

Description =

Error - 8/15/2010 9:51:10 AM | Computer Name = CIPD-PC | Source = MsiInstaller | ID = 11606

Description =

Error - 8/15/2010 9:51:10 AM | Computer Name = CIPD-PC | Source = MsiInstaller | ID = 11606

Description =

Error - 8/15/2010 9:51:10 AM | Computer Name = CIPD-PC | Source = MsiInstaller | ID = 1024

Description =

Error - 8/15/2010 9:54:38 AM | Computer Name = CIPD-PC | Source = MsiInstaller | ID = 11606

Description =

Error - 8/15/2010 9:54:38 AM | Computer Name = CIPD-PC | Source = MsiInstaller | ID = 11606

Description =

Error - 8/15/2010 9:54:38 AM | Computer Name = CIPD-PC | Source = MsiInstaller | ID = 1024

Description =

Error - 8/15/2010 9:55:23 AM | Computer Name = CIPD-PC | Source = MsiInstaller | ID = 11606

Description =

Error - 8/15/2010 9:55:23 AM | Computer Name = CIPD-PC | Source = MsiInstaller | ID = 11606

Description =

Error - 8/15/2010 9:55:23 AM | Computer Name = CIPD-PC | Source = MsiInstaller | ID = 1024

Description =

[ System Events ]

Error - 8/15/2010 9:49:09 AM | Computer Name = CIPD-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 8/15/2010 9:49:53 AM | Computer Name = CIPD-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 8/15/2010 9:50:33 AM | Computer Name = CIPD-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 8/15/2010 9:51:16 AM | Computer Name = CIPD-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 8/15/2010 9:54:43 AM | Computer Name = CIPD-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 8/15/2010 9:55:28 AM | Computer Name = CIPD-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 8/15/2010 9:56:10 AM | Computer Name = CIPD-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 8/15/2010 9:56:56 AM | Computer Name = CIPD-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 8/15/2010 9:57:42 AM | Computer Name = CIPD-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

Error - 8/15/2010 9:58:44 AM | Computer Name = CIPD-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

< End of report >

GMER

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-08-15 15:55:51

Windows 6.0.6001 Service Pack 1

Running: gmer.exe; Driver: C:\Users\francis\AppData\Local\Temp\pxldqpob.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [745988B4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [745D98A5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [7459B9D4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7458FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74597A79] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7458EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [745CB17D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [7459BC9A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7459074E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [745906B5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [745871B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7461D848] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54

c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [745B7379] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54

c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7458E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54

c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [7458697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54

c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [745869A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54

c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

IAT C:\Windows\Explorer.EXE[1144] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74592465] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54

c9c04bca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device \FileSystem\fastfat \Fat 8CE14A7A

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

Hello ,

And :) My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

-------------------------------------------------------------

In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • GMER log


Hello again,

Indeed some malware there that needs to go first.

Since it looks like you had some (previous) flash drive infections, please plug in all (or as many as possible) flash drives/other external drives you have before continuing with the steps below.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Hi Elise,

Here goes the log... Sorry, but I don't know why there are Chinese characters. Do you need me to translate?

ComboFix 10-08-16.03 - francis 6/2010 Mon 17:41:04.1.2 - x86

????: c:\users\francis\Desktop\Downloads\ComboFix.exe

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( ?????? )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\YouTube Downloader Toolbar\SeARchsettings.dll

c:\users\Borrower\AppData\Local\{77A7DEDC-E628-4226-8366-143F2000D795}

c:\users\Borrower\AppData\Local\{77A7DEDC-E628-4226-8366-143F2000D795}\chrome.manifest

c:\users\Borrower\AppData\Local\{77A7DEDC-E628-4226-8366-143F2000D795}\chrome\content\_cfg.js

c:\users\Borrower\AppData\Local\{77A7DEDC-E628-4226-8366-143F2000D795}\chrome\content\overlay.xul

c:\users\Borrower\AppData\Local\{77A7DEDC-E628-4226-8366-143F2000D795}\install.rdf

.

((((((((((((((((((((((((( 2010-07-17 ? 2010-08-17 ????? )))))))))))))))))))))))))))))))

.

2010-08-17 00:54 . 2010-08-17 00:54 -------- d-----w- c:\users\Guest\AppData\Local\temp

2010-08-17 00:54 . 2010-08-17 00:54 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-08-17 00:54 . 2010-08-17 00:54 -------- d-----w- c:\users\Staff II\AppData\Local\temp

2010-08-17 00:54 . 2010-08-17 00:54 -------- d-----w- c:\users\Borrower\AppData\Local\temp

2010-08-17 00:54 . 2010-08-17 00:54 -------- d-----w- c:\users\Cantonese Youth Min\AppData\Local\temp

2010-08-15 14:17 . 2010-08-15 14:17 93056 ----a-w- C:\pxldqpob.sys

2010-08-15 07:00 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-15 07:00 . 2010-08-15 07:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-15 07:00 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-10 19:01 . 2010-08-10 19:01 -------- d-----w- c:\users\Staff II\AppData\Roaming\Malwarebytes

2010-08-09 20:22 . 2010-07-17 12:00 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-08-08 14:45 . 2010-08-09 13:47 -------- d-----w- c:\users\francis\dwhelper

2010-08-07 23:07 . 2010-08-07 23:07 862872 ------w- c:\users\francis\AppData\Roaming\Yahoo!\SearchProtection\fudogs_2.0.1.13_msgr_bts_setup.2010.04.01.01.exe

2010-08-07 16:55 . 2010-08-07 16:55 -------- d-----w- c:\users\Staff II\Office Genuine Advantage

2010-08-07 16:36 . 2010-08-07 16:36 -------- d-----w- c:\users\Staff II\AppData\Local\Mozilla

2010-08-07 16:35 . 2010-08-15 17:54 -------- d-----w- c:\users\Staff II\AppData\Local\ApplicationHistory

2010-08-07 16:33 . 2010-08-07 16:33 -------- d-----w- c:\users\Staff II\AppData\Local\LogMeIn

2010-08-07 16:33 . 2010-08-07 16:33 -------- d-----w- c:\users\Staff II\AppData\Local\MediaDirect

2010-08-07 16:33 . 2010-08-07 16:33 -------- d-----w- c:\users\Staff II\AppData\Roaming\Epson

2010-08-07 16:32 . 2010-08-07 16:32 -------- d-----w- c:\users\Staff II\AppData\Roaming\Dell

2010-08-07 16:32 . 2010-08-07 16:32 -------- d-----w- c:\users\Staff II\AppData\Roaming\yahoo!

2010-08-07 16:32 . 2010-08-07 16:33 -------- d-----w- c:\users\Staff II\AppData\Local\Google

2010-08-07 16:32 . 2010-08-07 16:32 -------- d--h--w- c:\users\Staff II\AppData\Roaming\GTek

2010-08-07 16:32 . 2010-08-07 16:32 -------- d-----w- c:\users\Staff II\AppData\Local\SupportSoft

2010-08-07 16:32 . 2010-08-07 16:32 114392 ----a-w- c:\users\Staff II\AppData\Local\GDIPFONTCACHEV1.DAT

2010-07-23 17:04 . 2010-07-23 17:04 -------- d-----w- c:\program files\NOS

2010-07-19 18:42 . 2010-07-19 18:42 -------- d-----w- c:\users\Cantonese Youth Min\AppData\Roaming\Malwarebytes

.

(((((((((((((((((((((((((((((((((((((((( ??????????? ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-17 00:53 . 2010-05-04 06:14 -------- d-----w- c:\program files\YouTube Downloader Toolbar

2010-08-16 22:19 . 2008-09-09 17:33 -------- d-----w- c:\programdata\Google Updater

2010-08-16 10:00 . 2009-10-31 16:18 -------- d-----w- c:\program files\LogMeIn

2010-08-15 18:00 . 2010-08-13 16:56 67124 ----a-w- c:\users\Staff II\AppData\Roaming\nvModes.dat

2010-08-15 16:43 . 2007-11-25 04:21 253961 ----a-w- c:\users\francis\AppData\Roaming\nvModes.dat

2010-08-13 14:02 . 2007-10-22 23:00 -------- d-----w- c:\program files\Java

2010-08-11 10:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-08-09 20:23 . 2007-10-22 23:00 -------- d-----w- c:\program files\Common Files\Java

2010-08-09 16:41 . 2007-10-26 21:42 7592 ----a-w- c:\users\francis\AppData\Local\d3d9caps.dat

2010-08-09 16:38 . 2009-12-07 14:36 -------- d-----w- c:\program files\McAfee

2010-08-07 23:24 . 2009-05-24 01:06 -------- d-----w- c:\program files\YouTube Downloader

2010-08-07 23:07 . 2010-08-07 23:07 262144 ----a-w- c:\programdata\ntuser.dat

2010-08-07 23:07 . 2008-02-06 17:08 -------- d-----w- c:\programdata\Yahoo!

2010-07-23 17:08 . 2010-07-04 03:41 -------- d-----w- c:\programdata\NOS

2010-07-17 06:51 . 2008-05-16 18:35 -------- d-----w- c:\programdata\Yahoo! Companion

2010-07-16 02:04 . 2010-07-12 16:46 120 ----a-w- c:\users\Borrower\AppData\Local\Fzisu.dat

2010-07-15 18:19 . 2010-07-15 18:19 3422 ----a-w- c:\users\Borrower\AppData\Local\enusagub.dll

2010-07-15 16:13 . 2010-07-12 16:46 0 ----a-w- c:\users\Borrower\AppData\Local\Rsudutulivihano.bin

2010-07-14 01:50 . 2010-07-12 16:56 -------- d-----w- c:\users\Borrower\AppData\Roaming\Defense Center

2010-07-14 01:49 . 2010-07-14 01:49 56576 ----a-w- c:\users\Borrower\AppData\Roaming\Defense Center\Uninstall.exe

2010-07-13 16:05 . 2010-07-13 16:05 -------- d-----w- c:\users\Borrower\AppData\Roaming\Malwarebytes

2010-06-28 16:17 . 2010-08-11 05:04 833024 ----a-w- c:\windows\system32\wininet.dll

2010-06-28 16:13 . 2010-08-11 05:04 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-06-26 14:59 . 2007-10-29 20:06 -------- d-----w- c:\program files\Microsoft.NET

2010-06-24 13:47 . 2010-06-24 13:47 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb654A.tmp.exe

2010-06-21 13:18 . 2010-08-11 05:04 2036736 ----a-w- c:\windows\system32\win32k.sys

2010-06-20 01:12 . 2010-01-03 20:52 -------- d-----w- c:\programdata\Microsoft Help

2010-06-18 16:43 . 2010-08-11 05:04 36352 ----a-w- c:\windows\system32\rtutils.dll

2010-06-18 14:43 . 2010-08-11 05:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-18 14:43 . 2010-08-11 05:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-06-16 15:59 . 2010-08-11 05:04 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-06-12 02:44 . 2009-10-31 16:18 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2010-06-12 02:44 . 2009-10-31 16:18 29568 ----a-w- c:\windows\system32\LMIport.dll

2010-06-12 02:44 . 2009-10-31 16:18 87424 ----a-w- c:\windows\system32\LMIinit.dll

2010-06-11 15:31 . 2010-08-11 05:04 274432 ----a-w- c:\windows\system32\schannel.dll

2010-06-11 15:30 . 2010-08-11 05:04 1257472 ----a-w- c:\windows\system32\msxml3.dll

2010-06-08 17:00 . 2010-08-11 05:04 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-06-08 17:00 . 2010-08-11 05:04 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr

2010-05-27 19:16 . 2010-08-11 05:04 81920 ----a-w- c:\windows\system32\iccvid.dll

2010-05-26 16:16 . 2010-06-17 01:15 34304 ----a-w- c:\windows\system32\atmlib.dll

2010-05-26 14:25 . 2010-06-17 01:15 289792 ----a-w- c:\windows\system32\atmfd.dll

2010-05-21 21:14 . 2009-10-02 18:00 221568 ------w- c:\windows\system32\MpSigStub.exe

2010-05-20 01:06 . 2008-02-10 19:54 314704 ----a-w- c:\users\Borrower\AppData\Roaming\nvModes.dat

2009-08-05 02:08 . 2009-08-05 02:08 3942048 ----a-w- c:\program files\mbam-setup.exe

2010-08-07 16:37 . 2008-07-26 02:13 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2007-10-23 06:45 . 2007-10-23 06:37 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( ????? ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*??* ???????????????

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]

"Microsoft Location Finder"="c:\program files\Microsoft Location Finder\LocationFinder.exe" [2005-08-24 101080]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-19 4363504]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-09 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-04 857648]

"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-07 30192]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]

"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]

"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-02-26 132376]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-06-27 405504]

"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-25 86016]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-25 8433664]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-25 81920]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-06-25 67584]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"SearchSettings"="c:\program files\YouTube Downloader Toolbar\SearchSettings.exe" [2010-02-20 974848]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-07 1848648]

"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]

"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]

"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-01-12 669520]

"FUFAXSTM"="c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-02-06 843776]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-04-28 202256]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 3883856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-22 50688]

Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]

QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-10-22 45056]

??????.lnk - c:\windows\Installer\{466D8AE7-ABED-4C57-B7F4-1FC799D7DF7A}\_6BA1C5531FC7E388165D3C.exe [2009-1-31 1078]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-07 30192]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-04-29 38224]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S2 2X SSO Service;2X SSO Service;c:\program files\2X\Client\\TUXCredProv.exe [2010-03-06 272840]

S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-02-20 380928]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2008-08-11 12856]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-05-21 88176]

S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

getPlusHelper REG_MULTI_SZ getPlusHelper

.


Hi Elise,

Thanks for your help. I haven't been using this laptop so I don't really know. So far I don't have any problem. I don't have Symantec AV nor McAfee AV installed currently. I think I had McAfee before but I didn't renew. Currently, I have the free McAfee SiteAdvisor. Other than that, I don't have AV. So should I assume all the viruses are gone now? Do I run a scan with Malwarebytes? Please advise. Thanks!!

Hi, no problem with those Chinese characters, I know what's supposed to be there. :)

Please let me know how things are running now.

I see some signs of both Symantec AV and McAfee AV. Can you please let me know which one you are using?

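A sketch of how the vendor traces mentioned in this reply can be pulled out of a ComboFix log, as an added example that is not part of the original post or of ComboFix itself: it scans Run values, Startup shortcuts, Security Center monitoring keys and service lines for vendor names. The sample lines are excerpted from the log above; the keyword list and all function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Lines excerpted from the ComboFix log posted above (not the whole log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [2009-7-27 199184]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2010-05-21 88176]
"""

# Assumed keyword list for the two vendors named in the reply.
VENDORS = {"Symantec/Norton": ("symantec", "norton"), "McAfee": ("mcafee",)}

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
SERVICE_RE = re.compile(r"^([RS]\d) ([^;]+);([^;]*);(.+?)(?: \[[^\]]*\])?$")
SHORTCUT_RE = re.compile(r"^(.+\.lnk) - (.+?)(?: \[[^\]]*\])?$")


def records(log_text):
    """Yield (kind, text) for the log lines that describe persistent entries."""
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            # Sub-keys of Security Center\Monitoring are named after products.
            if "\\security center\\monitoring\\" in key.lower():
                yield "security-center key", key
            continue
        m = VALUE_RE.match(line)
        if m:
            # Only values under a ...\CurrentVersion\Run key are autostarts.
            if key.lower().endswith("\\currentversion\\run"):
                yield "run value", f"{m.group(1)} -> {m.group(2)}"
            continue
        m = SERVICE_RE.match(line)
        if m:
            yield "service", f"{m.group(1)} {m.group(2)} -> {m.group(4)}"
            continue
        m = SHORTCUT_RE.match(line)
        if m:
            yield "startup shortcut", f"{m.group(1)} -> {m.group(2)}"


def find_leftovers(log_text, vendors=VENDORS):
    """Group every record that mentions a vendor keyword under that vendor."""
    findings = defaultdict(list)
    for kind, text in records(log_text):
        lowered = text.lower()
        for vendor, needles in vendors.items():
            if any(n in lowered for n in needles):
                findings[vendor].append((kind, text))
    return dict(findings)


if __name__ == "__main__":
    for vendor, hits in find_leftovers(SAMPLE_LOG).items():
        print(vendor)
        for kind, text in hits:
            print(f"  [{kind}] {text}")
```

A hit only shows that an entry naming the vendor is still registered; whether the product itself is installed has to be confirmed with the user, as the reply does.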

In that case, let's remove all Norton and McAfee leftovers and install a new AV. Please also run a full scan with MBAM.

Download and save McAfee Removal Tool to your desktop.

Run it to remove McAfee. After this, please restart your computer.

Please click HERE and follow the instructions in STEP 2 to download and run the Norton Removal Tool.

INSTALL ANTIVIRUS

---------------------------

I don't see an Anti Virus Program running on your machine

Download and install an antivirus program, and make sure that you keep it updated

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.


hi elise,

i removed mcafee and norton. i ran mbam. it found 3 infections but it crashed before it can remove them. i have not installed your recommended av yet....


Hi Elise,

It crashed after the 3rd virus was found. It crashed after a little over an hour of scanning. I did a full scan. It just said mbam has stopped working.

At which point did the scan crash? Was it a quick or a full scan? Did you get any error message?

Try to do a quick scan and see if it crashes.


Hi Elise,

Just updated it, tried it with quick scan and it crashed again :)

crashed at 8 min. 49 sec while scanning: C\Windows\system 32\CNCFLiNO.DLL

Don't know if it's the same as last time, but here's the crash report:

Problem signature:

Problem Event Name: APPCRASH

Application Name: mpam.exe

Application Version: 1.46.0.1

Application Timestamp: 4bd9ed9b

Fault Module Name: mbam.dll

Fault Module Version: 1.46.0.0

Fault Module Timestamp: 4bd9baec

Exception Code: c0000005

Exception Offset: 0001fffe

OS Version: 6.0.6001.2.1.0.768.2

Locale ID: 1033

Additional Information 1: c295

Additional Information 2: 48c2c7a625e34f719005f37da48de096

Additional Information 3: 5caa

Additional Information 4: cde6daebcd7755f855f46dacf2ce19be

Read our privacy statement:

http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409

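Whether two crash reports describe the same fault can be checked by comparing the signature fields directly. The following is an added example, not part of the original posts: it parses the report from the opening post of the thread and the quick-scan report above, and the function names and the choice of fault-identifying fields are assumptions.

```python
import re
from datetime import datetime, timezone

# Report from the opening post of this thread (executable renamed to mpp.exe).
REPORT_OPENING_POST = """\
Problem Event Name: APPCRASH
Application Name: mpp.exe
Application Version: 1.46.0.1
Application Timestamp: 4bd9ed9b
Fault Module Name: mbam.dll
Fault Module Version: 1.46.0.0
Fault Module Timestamp: 4bd9baec
Exception Code: c0000005
Exception Offset: 0001fffe
OS Version: 6.0.6001.2.1.0.768.2
Locale ID: 1033
Additional Information 1: ce5d
Additional Information 2: 782fbcb50845c7c84dd3b3fc57d46cb1
Additional Information 3: 427a
Additional Information 4: 46131c3b9fdb41bd399f2b9b89745d44
"""

# Report from the quick-scan post above, including its trailing lines.
REPORT_QUICK_SCAN = """\
Problem Event Name: APPCRASH
Application Name: mpam.exe
Application Version: 1.46.0.1
Application Timestamp: 4bd9ed9b
Fault Module Name: mbam.dll
Fault Module Version: 1.46.0.0
Fault Module Timestamp: 4bd9baec
Exception Code: c0000005
Exception Offset: 0001fffe
OS Version: 6.0.6001.2.1.0.768.2
Locale ID: 1033
Additional Information 1: c295
Additional Information 2: 48c2c7a625e34f719005f37da48de096
Additional Information 3: 5caa
Additional Information 4: cde6daebcd7755f855f46dacf2ce19be
Read our privacy statement:
http://go.microsoft.com/fwlink/?linkid=501...mp;clcid=0x0409
"""

# "Name: value" lines only; headers without a value and URLs do not match.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 ]*?):\s+(\S.*?)\s*$")

# Assumed set of fields that pin down where and how the process faulted.
FAULT_FIELDS = ("Fault Module Name", "Fault Module Version",
                "Fault Module Timestamp", "Exception Code", "Exception Offset")

NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION"}


def parse_signature(text):
    """Return the report's fields as an ordered dict of strings."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields


def compare_signatures(a, b):
    """Return (same_fault, names of all fields whose values differ)."""
    keys = list(a) + [k for k in b if k not in a]
    differing = [k for k in keys if a.get(k) != b.get(k)]
    same_fault = all(
        k in a and k in b and a[k].lower() == b[k].lower() for k in FAULT_FIELDS
    )
    return same_fault, differing


def exception_name(code_hex):
    """Map the hexadecimal exception code to its NTSTATUS name, if known."""
    return NTSTATUS_NAMES.get(int(code_hex, 16), "unknown")


def pe_timestamp_utc(stamp_hex):
    """The timestamp fields are seconds since 1970-01-01 UTC, in hex."""
    return datetime.fromtimestamp(int(stamp_hex, 16), tz=timezone.utc)


if __name__ == "__main__":
    first = parse_signature(REPORT_OPENING_POST)
    second = parse_signature(REPORT_QUICK_SCAN)
    same, diff = compare_signatures(first, second)
    print("same fault:", same)
    print("differing fields:", ", ".join(diff))
    print("exception:", exception_name(second["Exception Code"]))
    print("application built:", pe_timestamp_utc(second["Application Timestamp"]))
```

Both reports share the fault module, exception code and offset, and only the application name and the "Additional Information" values differ.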

I'm not too familiar with wireless printers, but can you disable the wireless connection to the printer temporarily?

You can also try to disconnect the power cable, that will have the same effect.

hmm...the printers are off and not connected... the printers are actually office printers that are physically away from me right now....

i tried scanning again. and yep, definitely crashed at the same place: C\Windows\system 32\CNCFLiNO.DLL

your help is much appreciated, elise!

just read your earlier reply. in my last scan, no virus was detected before it crashed. but i'll try again.

do i pause scan or abort scan when the viruses show up? right now, 2 showed up and i paused scan but i don't know how to remove it as it freezes when i pause. am i supposed to abort scan in order to be able to remove it?

This topic is now closed to further replies.