Hello,

My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.

Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

  • Please download OTL from one of the following mirrors:
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Click the "Scan All Users" checkbox.
    • Push the Quick Scan button.
    • Two reports will open, copy and paste them in a reply here:
      • OTListIt.txt <-- Will be opened
      • Extra.txt <-- Will be minimized

Please download Rootkit Unhooker. Save it to your desktop.

  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Click on Cancel, then Accept.

-------------------------------------------------------------

In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply:

  • A detailed description of your problems
  • A new OTL log (don't forget extra.txt)
  • RKU log

Thanks and again sorry for the delay.


Thanks so much for the help! Here are the logs you requested...

OTL logfile created on: 2/2/2011 8:19:45 AM - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Dan\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18999)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free

4.00 Gb Paging File | 2.00 Gb Available in Paging File | 55.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138.96 Gb Total Space | 24.17 Gb Free Space | 17.40% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.79 Gb Free Space | 57.90% Space Free | Partition Type: NTFS

Computer Name: GASSY | User Name: Dan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/02 08:18:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe

PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe

PRC - [2011/01/07 01:22:12 | 001,052,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe

PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe

PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

PRC - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/12/09 05:45:58 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe

PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe

PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe

PRC - [2010/11/19 13:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

PRC - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2010/11/10 13:57:40 | 000,245,592 | ---- | M] () -- C:\Program Files\bfgclient\bfggameservices.exe

PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe

PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe

PRC - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

PRC - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/06/16 18:18:52 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

PRC - [2010/03/17 15:55:42 | 001,565,696 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Verizon\McciTrayApp.exe

PRC - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2010/03/03 19:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

PRC - [2009/04/30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009/03/05 15:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

PRC - [2008/04/23 10:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe

PRC - [2008/01/19 02:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2007/05/06 16:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/05/06 16:10:44 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

PRC - [2007/03/15 17:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe

PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2006/11/18 06:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe

PRC - [2006/11/18 06:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

PRC - [2006/11/18 06:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe

PRC - [2006/11/18 05:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe

PRC - [2006/11/18 05:59:02 | 000,032,216 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe

PRC - [2006/10/29 08:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe

PRC - [2006/09/26 09:56:00 | 000,423,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

========== Modules (SafeList) ==========

MOD - [2011/02/02 08:18:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

MOD - [2010/06/16 18:18:52 | 000,123,392 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

MOD - [2010/03/17 15:53:28 | 000,198,656 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [unknown | Stopped] -- -- (wscsvc)

SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)

SRV - [2011/01/05 11:59:50 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/11/19 13:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)

SRV - [2010/10/13 17:06:34 | 000,098,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)

SRV - [2010/07/09 15:09:52 | 000,248,936 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/06/16 18:18:52 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)

SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)

SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010/03/03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®

SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/04/30 15:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2008/04/23 10:59:44 | 000,069,632 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe -- (RalinkRegistryWriter)

SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/05/06 16:11:36 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2006/11/18 06:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®

SRV - [2006/11/18 06:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®

SRV - [2006/11/18 06:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®

SRV - [2006/11/18 05:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®

SRV - [2006/11/18 05:59:02 | 000,032,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv

SRV - [2006/10/29 08:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)

========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)

DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)

DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)

DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)

DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)

DRV - [2010/08/03 15:23:58 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)

DRV - [2010/08/03 15:23:54 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)

DRV - [2010/08/03 15:23:52 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)

DRV - [2010/07/09 17:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)

DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)

DRV - [2010/03/03 18:33:26 | 000,435,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)

DRV - [2009/04/30 22:01:36 | 000,265,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2009/04/30 21:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)

DRV - [2009/04/30 21:55:34 | 000,013,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)

DRV - [2009/04/30 15:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2009/04/10 23:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2008/04/01 13:33:16 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)

DRV - [2007/06/28 21:58:34 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2007/06/28 21:58:34 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2007/06/28 21:58:34 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2007/06/28 14:17:56 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)

DRV - [2007/05/06 16:12:02 | 000,326,656 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/03/22 11:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)

DRV - [2007/03/22 11:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)

DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)

DRV - [2007/02/09 11:34:16 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2006/11/18 06:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)

DRV - [2006/11/16 09:10:44 | 000,214,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)

DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/10/19 14:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)

DRV - [2006/10/18 13:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)

DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)

DRV - [2006/10/18 13:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)

DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2006/09/27 15:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)

DRV - [2006/09/03 08:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2006/09/03 08:53:38 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIf.sys -- (BrSerIf)

DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

DRV - [2005/10/20 15:00:04 | 000,243,328 | ---- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RT2500.sys -- (RT2500)

DRV - [2005/06/24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)

DRV - [2005/05/26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)

DRV - [2005/05/26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR

IE - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\..\URLSearchHook: {91C18ED5-5E1C-4AE5-A148-A861DE8C8E16} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=6070629"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/04/24 14:21:58 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/01/30 21:00:14 | 000,000,000 | ---D | M]

[2009/04/03 19:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions

[2009/04/03 19:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

[2010/04/17 22:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\xvc7hfdj.default\extensions

[2008/05/11 18:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\xvc7hfdj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2008/05/11 18:41:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\xvc7hfdj.default\extensions\staged-xpis

[2010/12/16 17:24:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\xvc7hfdj.default\extensions\toolbar@ask.com

[2010/03/28 11:08:00 | 000,002,254 | ---- | M] () -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\xvc7hfdj.default\searchplugins\askcom.xml

[2008/05/20 21:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2008/04/24 14:20:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\REAL-NETWORKS@PARTNERS.MOZILLA.COM

File not found (No name found) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\TALKBACK@MOZILLA.ORG

[2008/04/24 14:21:58 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD

[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/01/27 19:34:46 | 000,428,490 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 14778 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.

O3 - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.

O3 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\..\Toolbar\WebBrowser: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - No CLSID value found.

O3 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\..\Toolbar\WebBrowser: (no name) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - No CLSID value found.

O3 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.

O3 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\..\Toolbar\WebBrowser: (no name) - {E1BACF55-35E1-4E47-9247-2D48660E5545} - No CLSID value found.

O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [iAStorIcon] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)

O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-1135531938-1397933090-470356859-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-1135531938-1397933090-470356859-1001..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-1135531938-1397933090-470356859-1001..\Run: [swg] File not found

O4 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002..\Run: [Aim6] File not found

O4 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)

O4 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002..\Run: [updateMgr] File not found

O4 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002..\Run: [Weather] File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1135531938-1397933090-470356859-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O7 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2

O7 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-1135531938-1397933090-470356859-1001\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-1135531938-1397933090-470356859-1002\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab (Reg Error: Key error.)

O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} https://config.skillcheck.com/onlinetesting...linetesting.cab (Reg Error: Key error.)

O16 - DPF: {6E704581-CCAE-46D2-9C64-20D724B3624E} http://radaol-prod-web-rr.streamops.aol.co...agi3.0.84.2.cab (Reg Error: Key error.)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Fashion%20Fits/Images/armhelper.ocx (ArmHelper Control)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.243.0.12

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOOGLEDESKTOPNETWORK3.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O24 - Desktop BackupWallPaper: C:\Users\Dan\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{1740d988-f367-11de-b2a0-0016b69bff0d}\Shell - "" = AutoRun

O33 - MountPoints2\{1740d988-f367-11de-b2a0-0016b69bff0d}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)

O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/02 08:18:54 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

[2011/02/01 16:36:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A Girl in the City

[2011/02/01 16:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\A Girl in the City

[2011/01/30 21:05:06 | 000,000,000 | ---D | C] -- C:\UBCD4Win

[2011/01/30 21:03:01 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\AVG10

[2011/01/30 21:02:09 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files

[2011/01/30 21:01:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2011

[2011/01/30 20:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10

[2011/01/30 20:59:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG

[2011/01/30 20:42:56 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Winamp

[2011/01/30 20:31:10 | 000,000,000 | -H-D | C] -- C:\$AVG

[2011/01/30 20:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData

[2011/01/29 19:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2011/01/27 22:01:36 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Malwarebytes

[2011/01/27 22:01:11 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/01/27 22:01:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/01/27 22:01:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/01/27 22:01:07 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/01/27 22:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/01/27 20:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011/01/15 08:47:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime

[2011/01/15 08:47:17 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2011/01/12 19:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Supermarket Mania 2

[2011/01/12 19:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Supermarket Mania 2

[2011/01/12 19:27:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cooking Dash 3 - Thrills and Spills

[2011/01/12 19:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\Cooking Dash 3 - Thrills and Spills

[2011/01/12 19:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Soap Opera Dash

[2011/01/12 19:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Soap Opera Dash

[2011/01/12 19:24:52 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient

[2011/01/11 10:25:27 | 000,000,000 | ---D | C] -- C:\Windows\A055FB62CF734839AD83122ABCB92418.TMP

[2011/01/11 10:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX

[2011/01/11 10:23:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LeapFrog Connect

[2011/01/11 10:23:14 | 000,000,000 | ---D | C] -- C:\Windows\C6359569E03E4CDC98E8CDD080C6EEB5.TMP

[2011/01/11 10:23:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2011/01/11 10:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Leapfrog

[2011/01/11 10:22:32 | 000,000,000 | ---D | C] -- C:\Program Files\LeapFrog

[2011/01/06 19:17:05 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache

[2011/01/04 16:39:00 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Skype

[2011/01/04 16:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

[2011/01/04 16:33:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype

[2011/01/04 16:33:41 | 000,000,000 | R--D | C] -- C:\Program Files\Skype

[2011/01/04 16:33:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype

[2008/04/11 15:26:42 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/02 08:20:06 | 000,133,632 | ---- | M] () -- C:\Users\Dan\Desktop\RKUnhookerLE.EXE

[2011/02/02 08:19:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/02/02 08:19:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/02/02 08:18:54 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe

[2011/02/02 07:46:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/02/02 06:45:38 | 000,163,364 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011/02/02 06:45:22 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/02/01 18:56:36 | 000,163,365 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011/02/01 16:37:23 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Play A Girl in the City.lnk

[2011/02/01 16:37:23 | 000,001,202 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk

[2011/02/01 08:59:27 | 105,103,635 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2011/01/31 20:18:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/01/30 21:01:32 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk

[2011/01/30 20:10:33 | 000,003,935 | ---- | M] () -- C:\Users\Dan\Desktop\ark.zip

[2011/01/30 19:52:04 | 559,414,795 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2011/01/29 21:45:26 | 000,296,448 | ---- | M] () -- C:\Users\Dan\Desktop\c0yelp7q.exe

[2011/01/29 21:44:58 | 000,624,128 | ---- | M] () -- C:\Users\Dan\Desktop\dds.scr

[2011/01/29 21:43:05 | 000,000,000 | ---- | M] () -- C:\Users\Dan\defogger_reenable

[2011/01/29 19:16:29 | 000,000,766 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/01/28 20:51:01 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/01/28 20:51:01 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/01/27 22:01:11 | 000,000,892 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/01/27 22:01:11 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/01/27 20:11:42 | 000,001,626 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/01/27 19:34:46 | 000,428,490 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/01/15 08:47:29 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/01/12 19:28:33 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\Play Supermarket Mania 2.lnk

[2011/01/12 19:28:11 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Play Cooking Dash 3 - Thrills and Spills.lnk

[2011/01/12 19:26:22 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\Play Soap Opera Dash.lnk

[2011/01/11 10:25:15 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk

[2011/01/04 16:33:42 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/02 08:20:06 | 000,133,632 | ---- | C] () -- C:\Users\Dan\Desktop\RKUnhookerLE.EXE

[2011/02/01 16:37:23 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Play A Girl in the City.lnk

[2011/02/01 16:37:23 | 000,001,202 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk

[2011/02/01 08:59:27 | 105,103,635 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm

[2011/01/30 21:01:32 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk

[2011/01/30 20:10:33 | 000,003,935 | ---- | C] () -- C:\Users\Dan\Desktop\ark.zip

[2011/01/29 21:45:25 | 000,296,448 | ---- | C] () -- C:\Users\Dan\Desktop\c0yelp7q.exe

[2011/01/29 21:44:58 | 000,624,128 | ---- | C] () -- C:\Users\Dan\Desktop\dds.scr

[2011/01/29 21:43:05 | 000,000,000 | ---- | C] () -- C:\Users\Dan\defogger_reenable

[2011/01/29 19:16:29 | 000,000,766 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2011/01/27 22:01:11 | 000,000,892 | ---- | C] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk

[2011/01/27 22:01:11 | 000,000,868 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/01/27 20:11:42 | 000,001,626 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/01/15 08:47:29 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

[2011/01/12 19:28:33 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\Play Supermarket Mania 2.lnk

[2011/01/12 19:28:11 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Play Cooking Dash 3 - Thrills and Spills.lnk

[2011/01/12 19:26:22 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\Play Soap Opera Dash.lnk

[2011/01/12 19:24:54 | 000,001,674 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk

[2011/01/12 19:24:52 | 000,001,184 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk

[2011/01/11 10:25:15 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\LeapFrog Connect.lnk

[2011/01/04 16:33:42 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk

[2010/09/28 17:27:17 | 000,000,023 | ---- | C] () -- C:\Windows\Mahjongg Variations.INI

[2010/02/27 23:29:49 | 000,163,365 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2010/02/27 23:29:49 | 000,163,364 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/09/23 17:25:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/24 19:32:36 | 000,056,056 | ---- | C] () -- C:\Windows\System32\DLAAPI_W.DLL

[2009/08/19 22:29:14 | 000,000,881 | ---- | C] () -- C:\Users\Dan\AppData\Local\RT2500PCI_{23594D5B-0BA3-47AD-A8FA-F7E240EB2385}_sta

[2009/08/19 22:28:55 | 000,000,854 | ---- | C] () -- C:\Users\Dan\AppData\Local\RT2500PCI_{23594D5B-0BA3-47AD-A8FA-F7E240EB2385}_prof

[2009/08/19 18:44:36 | 000,001,155 | ---- | C] () -- C:\Windows\System32\WLAN.INI

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/05/08 09:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll

[2009/04/30 21:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2009/04/30 15:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2009/04/03 20:02:59 | 000,001,356 | ---- | C] () -- C:\Users\Dan\AppData\Local\d3d9caps.dat

[2008/11/20 17:44:19 | 000,002,822 | ---- | C] () -- C:\Windows\wininit.ini

[2007/11/03 20:42:39 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2007/11/03 20:42:39 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI

[2007/11/03 20:42:11 | 000,000,215 | ---- | C] () -- C:\Windows\Brpfx04a.ini

[2007/11/03 20:42:11 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini

[2007/11/03 20:38:59 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll

[2007/10/31 20:44:58 | 000,085,504 | ---- | C] () -- C:\Users\Dan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll

[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

[2006/06/23 08:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2011/01/30 21:03:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\AVG10

[2008/11/24 16:37:32 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\GARMIN

[2008/01/18 08:41:56 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ICAClient

[2007/11/01 17:32:08 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\iWin

[2010/09/21 07:48:51 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Juniper Networks

[2009/02/07 17:07:05 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Leadertech

[2010/12/09 11:29:25 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\LimeWire

[2008/11/20 17:32:11 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\ooVoo Details

[2007/11/01 09:31:46 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\PlayFirst

[2010/06/21 20:47:01 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\SulusGames

[2010/05/20 12:06:41 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\TechWizard

[2008/05/12 19:02:59 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\acccore

[2008/02/13 17:32:51 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Alawar

[2008/08/07 22:37:16 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Amaranth Games

[2010/09/26 19:19:11 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Artifex Mundi

[2011/01/31 08:33:36 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\AVG10

[2008/09/12 19:35:28 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\BeachPartyCraze

[2008/08/25 21:56:39 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\BFG_JanesRealty

[2010/08/01 20:25:53 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Bicyclestudios

[2010/05/06 19:11:14 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Big Fish Games

[2010/09/13 19:24:48 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Big Splash Games

[2009/06/22 19:58:11 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\BlamGames

[2008/07/16 20:07:45 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\blg

[2007/12/20 20:52:57 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\BloodTies

[2009/03/14 18:21:51 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Boolat Games

[2010/07/24 13:59:42 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Boomzap

[2010/02/24 14:40:47 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\BVS Solitaire Collection

[2009/07/20 19:19:13 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Camel101

[2007/11/27 16:52:27 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Chicken Chase

[2009/06/23 19:07:01 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\CupcakeCafe

[2007/12/09 12:50:44 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\DassaultSystemes

[2010/12/12 11:56:01 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Digiarty

[2009/01/05 19:38:10 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\eGames

[2009/03/13 18:21:05 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\EleFun Games

[2010/06/25 19:03:30 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\ERS G-Studio

[2010/08/01 20:06:40 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\ERS Game Studios

[2008/05/18 18:10:56 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Eyeblaster

[2010/08/03 12:14:34 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Fabulous Finds

[2010/01/26 20:53:32 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Friday's games

[2010/08/10 19:51:47 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\funkitron

[2008/12/31 18:49:34 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Gaijin Ent

[2008/11/18 19:27:09 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Gamelab

[2010/07/23 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Gamers Digital

[2010/06/11 13:30:54 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\GamesCafe

[2008/08/20 21:35:00 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Go-Go Gourmet Chef of the Year

[2010/09/19 19:10:31 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Gold Casual Games

[2011/02/01 16:38:35 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\HdO Adventure

[2007/12/16 13:21:53 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Home Sweet Home

[2008/09/10 20:56:56 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Home Sweet Home 2

[2010/08/04 14:19:06 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Hotdog Hotshot

[2007/12/06 16:06:33 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\ICAClient

[2010/12/12 13:10:12 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\ImgBurn

[2010/12/12 14:33:34 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\InfraRecorder

[2009/09/07 16:53:27 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\ISIS Drivers

[2008/05/22 20:18:39 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\ITTNord

[2009/06/24 09:47:42 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\iWin

[2007/12/12 19:24:02 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\iWinArcade

[2008/04/01 19:49:41 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Jane s Hotel Family Hero

[2010/11/05 09:54:50 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Juniper Networks

[2009/09/01 12:03:47 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\KewlBoxPrefs

[2008/07/23 21:00:50 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\LinkedLetters

[2010/08/02 16:04:08 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Ludia

[2008/02/18 13:43:41 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Magic Seeds

[2010/03/30 16:02:48 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\MemoryClinic

[2008/04/26 20:25:07 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\My Games

[2010/08/19 19:42:11 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\MysteryStudio

[2008/09/12 20:19:05 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Oberon Games

[2008/06/23 20:20:37 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\ooVoo Details

[2011/01/12 19:27:09 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\PlayFirst

[2010/09/18 20:35:57 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Pogo Games

[2008/01/10 13:08:25 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Sandlot Games

[2009/04/18 16:08:18 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Shape games

[2007/11/14 16:53:37 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\SpinTop

[2010/06/19 22:00:47 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\SulusGames

[2007/11/21 18:28:35 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Super-Cow

[2010/12/10 21:17:32 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Supermarket Mania 2

[2007/12/03 12:44:29 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Teggo

[2010/08/02 18:37:20 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Total Eclipse

[2009/04/18 16:00:13 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\UClick

[2008/12/11 20:10:06 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Valusoft

[2010/08/01 20:13:20 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Vast Studios

[2009/02/16 19:11:23 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\ViquaSoft

[2010/12/12 11:53:57 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Vso

[2010/12/12 14:03:38 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\WeatherBug

[2008/12/29 21:09:26 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\World-LooM

[2008/01/08 13:17:17 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\Yatec Games

[2009/07/20 15:05:31 | 000,000,000 | ---D | M] -- C:\Users\Kate\AppData\Roaming\YoudaGames

[2011/01/31 18:54:17 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2010/12/16 03:30:59 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{830338DF-A774-41A6-BE4C-4F3440134830}.job

========== Purity Check ==========

========== Alternate Data Streams ==========


< End of report >


OTL Extras logfile created on: 2/2/2011 8:19:45 AM - Run 1

OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Dan\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18999)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free

4.00 Gb Paging File | 2.00 Gb Available in Paging File | 55.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138.96 Gb Total Space | 24.17 Gb Free Space | 17.40% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 5.79 Gb Free Space | 57.90% Space Free | Partition Type: NTFS

Computer Name: GASSY | User Name: Dan | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = FirefoxHTML] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1"

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1135531938-1397933090-470356859-1001]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1135531938-1397933090-470356859-1002]

"EnableNotifications" = 0

"EnableNotificationsRef" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0697ABFD-6730-4D81-AA1A-572097B89DAD}" = lport=37674 | protocol=17 | dir=in | name=oovoo udp port 37674 |

"{0FCEA478-F072-4DF8-A0FF-FE757F6F67FF}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv media server discovery |

"{11A4C266-3653-4E6D-934F-2D9A7BABEF0C}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |

"{1AEC3986-667B-47FC-82D9-2749D526A041}" = lport=37674 | protocol=6 | dir=in | name=oovoo tcp port 37674 |

"{2BBA8A21-3910-4FE0-85F1-1BA279D51A18}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv media server upnp discovery |

"{59421485-B658-46DE-8AD9-40708A78ECBE}" = lport=50000 | protocol=17 | dir=in | name=iha_messagecenter |

"{63F967B3-F016-4940-877C-A5F320804AF6}" = lport=443 | protocol=6 | dir=in | name=oovoo tcp port 443 |

"{AC9F675B-D086-403E-A93F-683B24FE89C3}" = lport=443 | protocol=17 | dir=in | name=oovoo udp port 443 |

"{E39F8CC8-2960-4BEB-8704-4CC6B41C7295}" = lport=37675 | protocol=17 | dir=in | name=oovoo udp port 37675 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{04D03D7D-9CA0-4401-887C-1AE5DD6746F7}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{08C3708C-00C0-43AF-8B50-3C5792B48DA9}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{1B60B18A-4EE6-43F0-9D69-52C5763BAC33}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |

"{28735995-675A-4C69-B2AA-409368011C7B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{29E3FD6C-DB6C-40B9-888C-2E88AF61CB0C}" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |

"{2A57D362-2D4B-4AE4-9E73-E446298F83CA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{39FC9E37-1A2D-4FCA-AB1E-9A03CF9A0652}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |

"{3BEBF1C9-D272-4C10-A31D-FDA83032ED99}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{42F9DC9E-FC2C-4980-8C38-57FD7DF1042E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{45087C91-D5D7-484D-8875-010A67B30B3B}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |

"{49DD1524-CD88-4EF0-B96B-5A36900D35BB}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |

"{4A3AFF3A-2E47-44FA-AE13-25933C3113CD}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |

"{53615A89-D843-49DE-9C8D-27DA54E736AD}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |

"{5681A523-BC46-4782-BD6F-BAB28BCF0D8A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{59FDE398-4430-44AB-8A60-00761830ED46}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |

"{5AA1963F-BBA6-461F-9FA8-02C0800C96B2}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |

"{5CE355CC-1031-4302-8416-5DDC5CDCFDCA}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |

"{67B4C26B-4CDF-4E0F-8DCB-2D08CFB4350E}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |

"{684D38C5-05F5-4523-A99A-851DA139B5AF}" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |

"{75C6B232-5D48-4F93-BC5F-5A02EEE808B5}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |

"{7ED649CB-240F-4722-A0C9-CEF80670358F}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{8CCE966B-0A79-4612-940D-652F8096A9A3}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |

"{90FCD2D8-925F-4E0C-A2A4-93A39C8DA7A3}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |

"{B016C59C-8F3C-4C3E-8A30-03F901EE77EC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{B5DD6A7B-43BD-4896-B9A7-5C8708A75500}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |

"{D1D3BCDB-133F-4BF2-ACFC-8E3628E2095A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{D6B4F079-9E41-4FDA-A36E-8F0657FE083F}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |

"{D747DCDA-9A4F-4AD0-9568-5D65C7AB59B4}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |

"{F14FCAA0-9ECE-497F-B793-9ED051E4B4A5}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |

"TCP Query User{4EAE4B9B-F83A-4840-8B40-98DA69AF1556}G:\techwizard.exe" = protocol=6 | dir=in | app=g:\techwizard.exe |

"TCP Query User{BD5F0978-6823-4D16-BE95-084CE80CDB22}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{4C2C8F07-2CDC-4354-8CA8-AED32B85575D}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |

"UDP Query User{A26B5619-7C15-4A92-B43B-2E5C68A7CBC3}G:\techwizard.exe" = protocol=17 | dir=in | app=g:\techwizard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard

"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel® Viiv Software

"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java SE Runtime Environment 6

"{352310C3-E46B-42D3-8F32-54721FDD72D9}" = NetZeroInstallers

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{366FFC89-C800-4366-B903-B9C4314109A5}" = Garmin WebUpdater

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher

"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{42ACCB45-3363-47E0-94E9-F0074CC8BC56}" = Citrix Presentation Server Client

"{4DDC3BED-CC68-44AA-B435-D727B620CA5B}" = Linksys Wireless-G PCI Adapter

"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support

"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides

"{5DFC26EF-8316-41D5-BCCD-E562A79EC3B2}" = Vz In Home Agent

"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{68658FCB-01BB-4980-A7C3-6ADB1E4E0C66}" = Browntech Image Plugin 2.02

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{A055FB62-CF73-4839-AD83-122ABCB92418}" = LeapFrog Tag Junior Plugin

"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor

"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes

"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1

"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype


RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows Vista

Version 6.0.6002 (Service Pack 2)

Number of processors #2

==============================================

>Drivers

==============================================

0x8C009000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 11001856 bytes (NVIDIA Corporation, NVIDIA Windows Kernel Mode Driver, Version 258.96 )

0x81E0A000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)

0x8EA05000 C:\Windows\system32\DRIVERS\LV302V32.SYS 2682880 bytes (Logitech Inc., Logitech Webcam Software Driver)

0x940A0000 C:\Windows\System32\win32k.sys 2109440 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0x8BA00000 C:\Windows\System32\Drivers\dump_iaStor.sys 1789952 bytes

0x87C0C000 C:\Windows\system32\drivers\iastor.sys 1789952 bytes (Intel Corporation, Intel Rapid Storage Technology driver - x86)

0x88207000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)

0x87E73000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)

0x8CC0A000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)

0x88009000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)

0x804DE000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)

0xA1C02000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)

0x8CD0D000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0x8E295000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)

0x8CA89000 C:\Windows\System32\drivers\dxgkrnl.sys 659456 bytes (Microsoft Corporation, DirectX Graphics Kernel)

0x8810E000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)

0x80608000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)

0x87E02000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)

0x80414000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)

0x8E382000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)

0x8D166000 C:\Windows\system32\drivers\stwrt.sys 339968 bytes (SigmaTel, Inc., NDRC)

0x9F0C6000 C:\Windows\System32\DRIVERS\srv.sys 319488 bytes (Microsoft Corporation, Server driver)

0x807AD000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 303104 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)

0x8072D000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)

0x8DD06000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0x8DC78000 C:\Windows\system32\DRIVERS\avgtdix.sys 294912 bytes (AVG Technologies CZ, s.r.o., AVG Network connection watcher)

0x80691000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)

0x8049D000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)

0x8D001000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)

0x8ECA8000 C:\Windows\system32\DRIVERS\lvrs.sys 262144 bytes (Logitech Inc., Logitech Kernel Audio Improvement Filter Driver)

0x8CB78000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0x8E20C000 C:\Windows\system32\DRIVERS\avgldx86.sys 245760 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0x8DD85000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0x8819B000 C:\Windows\system32\DRIVERS\RT2500.sys 245760 bytes (Ralink Technology Inc., RT2500 802.11g Wireless Adapter Driver)

0x87FA9000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)

0x9F04D000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)

0x88317000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)

0x8CB36000 C:\Windows\system32\DRIVERS\e1e6032.sys 225280 bytes (Intel Corporation, Intel® PRO/1000 Adapter NDIS 6 deserialized driver)

0x8D10B000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)

0x821C3000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xA1D4C000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)

0x87DC1000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0x8DCC0000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)

0x805BE000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)

0x8D1B9000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0x87F7E000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)

0x8CBC5000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)

0x8E345000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)

0xA1D08000 C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 163840 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Driver.)

0x9F123000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)

0x9F09E000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)

0x88367000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)

0x806E8000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)

0x881D7000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)

0x8D06F000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))

0x8839F000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)

0x9F00D000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0x8DC0F000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)

0x9F02E000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0x8DDE2000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)

0x880F3000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)

0x8ED4E000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)

0x883E4000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)

0x8CDDB000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)

0x8ED75000 C:\Windows\System32\DLA\DLAIFS_M.SYS 98304 bytes (Roxio, Drive Letter Access Component)

0x9F086000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)

0x8DDCB000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)

0x8EDB8000 C:\Windows\System32\DLA\DLAUDF_M.SYS 94208 bytes (Roxio, Drive Letter Access Component)

0x8D04D000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)

0x8E248000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)

0x8ED12000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)

0x8EDA2000 C:\Windows\System32\DLA\DLAUDFAM.SYS 90112 bytes (Roxio, Drive Letter Access Component)

0x80797000 C:\Windows\System32\Drivers\DRVMCDB.SYS 90112 bytes (Sonic Solutions, Device Driver)

0x8DD4E000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)

0x8DC62000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)

0x8BBEA000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)

0x8D0B5000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)

0x8D0A1000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)

0x8DCF2000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)

0x8E36F000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)

0x8DD72000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)

0x8EC96000 C:\Windows\system32\drivers\usbaudio.sys 73728 bytes (Microsoft Corporation, USB Audio Class Driver)

0x8E284000 C:\Windows\System32\Drivers\BrSerIf.sys 69632 bytes (Brother Industries Ltd., Brotehr Serial I/F Driver (WDM))

0x8838E000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)

0x8D14A000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)

0x80484000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)

0x80787000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)

0x8ECF1000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)

0x8EDDE000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)

0x80777000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)

0x8D0CA000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)

0x8BBCF000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)

0x8ED3F000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)

0x88358000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0x8070F000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)

0x8D092000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)

0x8CBB6000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)

0x8071E000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)

0x942E0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)

0x8DD64000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)

0x8DC4B000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)

0x8ED28000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)

0x8CDC1000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)

0x8D0FE000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)

0x8E274000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)

0x80684000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)

0x8D1E6000 C:\Windows\system32\DRIVERS\avgmfx86.sys 49152 bytes (AVG Technologies CZ, s.r.o., AVG Resident Shield Minifilter Driver)

0xA1CEA000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)

0xA1D40000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)

0x8BBDE000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)

0x8CB2A000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)

0x9F114000 C:\Windows\system32\DRIVERS\AVGIDSShim.Sys 45056 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Loader Driver.)

0x8ED69000 C:\Windows\System32\Drivers\DRVNDDM.SYS 45056 bytes (Roxio, Device Driver Manager)

0x8CDCE000 C:\Windows\system32\DRIVERS\fdc.sys 45056 bytes (Microsoft Corporation, Floppy Disk Controller Driver)

0x8D0DA000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)

0x8D0E5000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)

0x8DC40000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)

0x8D064000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)

0x8D042000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)

0xA1D35000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)

0x8BBBB000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x8CB6D000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)

0xA1CFE000 C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 40960 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Filter Driver.)

0x8ED35000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)

0x8D140000 C:\Windows\system32\DRIVERS\flpydisk.sys 40960 bytes (Microsoft Corporation, Floppy Driver)

0x8D0F4000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)

0x8EDEE000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)

0x8DDC1000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)

0xA1CE0000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)

0x8E261000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)

0x883CE000 C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 36864 bytes (AVG Technologies CZ, s.r.o. , IDS Application Activity Monitor Helper Driver.)

0x883C0000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)

0x8D1F2000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)

0x8ECE8000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)

0x8ED01000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)

0x8E26B000 C:\Windows\system32\drivers\LVUSBSta.sys 36864 bytes (Logitech Inc., USB Statistic Driver)

0xA1DB4000 C:\Windows\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)

0x87DF3000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)

0x8DC59000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)

0x942C0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)

0x8BBC6000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)

0x806D7000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)

0x80495000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)

0x8ED0A000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)

0x806E0000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)

0x8DC30000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x8DC38000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)

0x88350000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)

0xA1CF6000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)

0x8CDF9000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)

0x8ED94000 C:\Windows\System32\DLA\DLABMFSM.SYS 28672 bytes (Roxio, Drive Letter Access Component)

0x8ED9B000 C:\Windows\System32\DLA\DLABOIOM.SYS 28672 bytes (Roxio, Drive Letter Access Component)

0x8EDD7000 C:\Windows\system32\DRIVERS\elagopro.sys 28672 bytes (Gteko Ltd., Gteko's GoProto protocol driver)

0x8CBF8000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)

0x8040D000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)

0x8EDF8000 C:\Windows\system32\DRIVERS\nmsgopro.sys 28672 bytes (Gteko Ltd., Gteko's GoProto protocol driver)

0x8D15B000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)

0x8CC00000 C:\Windows\System32\Drivers\DLARTL_M.SYS 24576 bytes (Roxio, Shared Driver Component)

0x8CDF3000 C:\Windows\System32\Drivers\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)

0x883C9000 C:\Windows\system32\DRIVERS\avgrkx86.sys 20480 bytes (AVG Technologies CZ, s.r.o., AVG Anti-Rootkit Driver)

0x8ED8D000 C:\Windows\System32\DLA\DLAOPIOM.SYS 20480 bytes (Roxio, Drive Letter Access Component)

0xA1D30000 C:\Windows\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)

0x9F14B000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)

0x8E281000 C:\Windows\System32\Drivers\BrUsbSer.sys 12288 bytes (Brother Industries Ltd., Brother USB Serial Driver)

0x8CDD9000 C:\Windows\System32\Drivers\DLACDBHM.SYS 8192 bytes (Roxio, Shared Driver Component)

0x8ED92000 C:\Windows\System32\DLA\DLAPoolM.SYS 8192 bytes (Roxio, Drive Letter Access Component)

0x9F11F000 C:\Windows\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)

0x9F121000 C:\Windows\system32\DRIVERS\elaunidr.sys 8192 bytes (Gteko Ltd., GUniDriver)

0x8D0F2000 C:\Windows\System32\Drivers\IntelDH.sys 8192 bytes (Intel Corporation, Intel® software driver for Intel® Viiv technology)

0x8EC94000 C:\Windows\system32\DRIVERS\lv302af.sys 8192 bytes (Logitech Inc., Audio filter for Express Plus)

0x9F14F000 C:\Windows\system32\DRIVERS\nmsunidr.sys 8192 bytes (Gteko Ltd., GUniDriver)

0x8CA87000 C:\Windows\system32\DRIVERS\nvBridge.kmd 8192 bytes (NVIDIA Corporation, NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 258.96 )

0x8D0F0000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)

0x8E25F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)

0x8ED74000 C:\Windows\System32\DLA\DLADResM.SYS 4096 bytes (Roxio, Drive Letter Access Component)

==============================================

>Stealth

==============================================

0x01990000 Hidden Image-->IntelVisualDesign.dll [ EPROCESS 0x86832B68 ] PID: 5084, 1069056 bytes

0x04800000 Hidden Image-->IntelVisualDesign.dll [ EPROCESS 0x84A944B8 ] PID: 636, 1069056 bytes

0x00A00000 Hidden Image-->IAStorUtil.dll [ EPROCESS 0x848489B0 ] PID: 3132, 151552 bytes

0x00360000 Hidden Image-->IAStorUtil.dll [ EPROCESS 0x86832B68 ] PID: 5084, 151552 bytes

0x00B10000 Hidden Image-->IAStorUtil.dll [ EPROCESS 0x84A944B8 ] PID: 636, 151552 bytes

0x018E0000 Hidden Image-->IAStorUIHelper.dll [ EPROCESS 0x86832B68 ] PID: 5084, 184320 bytes

0x03EC0000 Hidden Image-->IAStorUIHelper.dll [ EPROCESS 0x84A944B8 ] PID: 636, 184320 bytes

0x03A00000 Hidden Image-->msvcm90.dll [ EPROCESS 0x848489B0 ] PID: 3132, 270336 bytes

0x00AC0000 Hidden Image-->log4net.dll [ EPROCESS 0x87405020 ] PID: 6080, 282624 bytes

0x00C30000 Hidden Image-->Interop.NetFwTypeLib.dll [ EPROCESS 0x87405020 ] PID: 6080, 36864 bytes

0x5FFF0000 Hidden Image-->unknown_code_page [ EPROCESS 0x84A797B0 ] PID: 6276, 61440 bytes

0x00A50000 Hidden Image-->IsdiInterop.dll [ EPROCESS 0x848489B0 ] PID: 3132, 73728 bytes

0x00800000 Hidden Image-->IAStorDataMgr.dll [ EPROCESS 0x848489B0 ] PID: 3132, 77824 bytes

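A triage pass over the Rootkit Unhooker report above, as an added example (not part of the original thread and not the tool's own code): it parses the >Drivers and >Stealth sections, lists drivers whose entry carries no vendor or description metadata, and groups hidden images by process. The function names and the "no metadata" and "no file extension" heuristics are assumptions made here; a hit is a reason to look closer, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Excerpt of the report above (lines copied from the post, blank lines dropped).
SAMPLE_REPORT = r"""
>Drivers
==============================================
0x81E0A000 C:\Windows\system32\ntkrnlpa.exe 3903488 bytes (Microsoft Corporation, NT Kernel & System)
0x8BA00000 C:\Windows\System32\Drivers\dump_iaStor.sys 1789952 bytes
0x8D1B9000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xA1D30000 C:\Windows\system32\Drivers\LVPr2Mon.sys 20480 bytes (-, -)
==============================================
>Stealth
==============================================
0x01990000 Hidden Image-->IntelVisualDesign.dll [ EPROCESS 0x86832B68 ] PID: 5084, 1069056 bytes
0x00360000 Hidden Image-->IAStorUtil.dll [ EPROCESS 0x86832B68 ] PID: 5084, 151552 bytes
0x00AC0000 Hidden Image-->log4net.dll [ EPROCESS 0x87405020 ] PID: 6080, 282624 bytes
0x5FFF0000 Hidden Image-->unknown_code_page [ EPROCESS 0x84A797B0 ] PID: 6276, 61440 bytes
"""

# "<base> <path> <size> bytes" with an optional "(vendor, description)" suffix.
# The suffix is matched greedily because descriptions may contain parentheses.
DRIVER_RE = re.compile(
    r"^(0x[0-9A-Fa-f]{8}) (.+?) (\d+) bytes(?: \((.*)\))?\s*$")
STEALTH_RE = re.compile(
    r"^(0x[0-9A-Fa-f]{8}) Hidden Image-->(.+?) "
    r"\[ EPROCESS (0x[0-9A-Fa-f]{8}) \] PID: (\d+), (\d+) bytes\s*$")


def parse_report(text):
    """Return (drivers, stealth) as lists of dicts, one per report line."""
    drivers, stealth, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(">"):            # section header, e.g. ">Drivers"
            section = line[1:].strip().lower()
            continue
        if not line or set(line) == {"="}:  # blank line or ===== separator
            continue
        if section == "drivers":
            m = DRIVER_RE.match(line)
            if m:
                base, path, size, meta = m.groups()
                drivers.append({"base": int(base, 16), "path": path,
                                "size": int(size),
                                "meta": (meta or "").strip()})
        elif section == "stealth":
            m = STEALTH_RE.match(line)
            if m:
                base, image, eproc, pid, size = m.groups()
                stealth.append({"base": int(base, 16), "image": image,
                                "eprocess": int(eproc, 16),
                                "pid": int(pid), "size": int(size)})
    return drivers, stealth


def has_metadata(meta):
    """False when the suffix is absent or only '-' placeholders."""
    return any(part.strip(" -") for part in meta.split(","))


def triage(text):
    """Summarise the entries a reviewer would want to look at first."""
    drivers, stealth = parse_report(text)
    by_pid = defaultdict(list)
    for s in stealth:
        by_pid[s["pid"]].append(s["image"])
    return {
        # Drivers listed without vendor/description information.
        "drivers_without_metadata": [
            ntpath.basename(d["path"]) for d in drivers
            if not has_metadata(d["meta"])],
        # Hidden images grouped by owning process ID.
        "hidden_by_pid": dict(by_pid),
        # Hidden regions reported with a label rather than a file name.
        "unnamed_hidden_images": [
            (s["pid"], f"0x{s['base']:08X}") for s in stealth
            if "." not in s["image"]],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(key, "->", value)
```
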

Hello again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hello there, please let me know how things are running after the following fix.

CF-SCRIPT

-------------

We need to execute a CF-script.

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:

Rootkit::
c:\windows\system32\drivers\kxldqpoc.sys

Driver::
kxldqpoc

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


The BSOD has not reoccurred; it was very intermittent when it did. I am still having the original issues where I cannot run a full scan without the program encountering an error and closing. Scan seems to work OK in safe mode, and quick scan works fine. I cannot run a full scan with this software logged in normally. Any ideas?

Thanks so much for the help thus far

-Dan


Please click start > run, type chkdsk /r and press enter. Type Y and press enter to schedule the disk check for next reboot. Restart your computer and allow the disk check to run unhindered. Note - this may take some time.

Afterwards try the scan again and let me know how it goes now.


Do you see at what file it hangs? It is possibly a larger archive and MBAM may want to extract it to a temporary location in order to scan what's inside.

You can also free up some disk space, but 24 GB free space as you have shouldn't be a problem.

On the bright side, this problem is not malware related, so no worries that it doesn't finish because of malware. :)

UPDATE JAVA

------------------

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 23 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u23-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

    3. Check esetAcceptTerms.png
    4. Click the esetStart.png button.
    5. Accept any security warnings from your browser.
    6. Check esetScanArchives.png
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push esetListThreats.png
    10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      Note - when ESET doesn't find any threats, no report will be created.
    11. Push the esetBack.png button.
    12. Push esetFinish.png


C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch101.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch104.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch199.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch235.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch237.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch238.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch240.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch241.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch242.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch244.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch253.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch278.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch281.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined

C:\Users\Kate\AppData\Local\Mozilla\Firefox\Profiles\rlhul47n.default\Cache\6F8B1593d01 a variant of Win32/FenomenGame application cleaned by deleting - quarantined

C:\Users\Kate\AppData\Local\Mozilla\Firefox\Profiles\rlhul47n.default\Cache\B761CCADd01 a variant of Win32/FenomenGame application cleaned by deleting - quarantined

C:\Users\Kate\Desktop\limewire music\david cook billie jean.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

C:\Users\Kate\Desktop\limewire music\fired up funky greendogs.snd a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

C:\Users\Kate\Desktop\limewire music\shiny disco balls (best quality).mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\68a9cc5c-14d5fb34 multiple threats deleted - quarantined

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\6a183b45-67eb7f56 probably a variant of Win32/Agent.HRYTTOE trojan deleted - quarantined

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\d552d7a-7d7ee85e probably a variant of Win32/Agent.FPEXZHL trojan deleted - quarantined


You are most welcome. :)

ALL CLEAN

--------------

Your machine appears to be clean. Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:

  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
    • Delete DDS, Rootkit Unhooker, GMER (this is a randomly named file) and OTL.

Please read this advice in order to prevent reinfecting your PC:

  1. Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.

  2. Keep Windows (and your other Microsoft software) up to date!

     I cannot stress enough how important this is. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.

     Therefore, please visit the Microsoft Update Website and follow the on-screen instructions to set up Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!

  3. Keep your other software up to date as well

     Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out-of-date software on your machine.

  4. Stay up to date!

     The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.

Some more links you might find of interest:

Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

This topic is now closed to further replies.