
I have the malware titled Vista Total Security. It has disabled my antiviruses (Avira & Microsoft Security Essentials). I am in safe mode w/ networking. I can download Malwarebytes, but I cannot install it.

Here are my logs:

.

DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

Run by Chad at 23:00:31.45 on Mon 03/21/2011

Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_23

Microsoft

Attach.zip


I was able to run Malwarebytes and then OTL. The fake antivirus seems to be gone. However, for some reason I can't run Internet Explorer (Firefox works fine), it says Explorer.exe not found? Thanks for the help!

Here are the logs:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6131

Windows 6.0.6002 Service Pack 2 (Safe Mode)

Internet Explorer 7.0.6002.18005

3/22/2011 9:15:20 AM

mbam-log-2011-03-22 (09-15-20).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 320523

Time elapsed: 47 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Users\Chad\AppData\Local\nlu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Chad\AppData\Local\xew.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Users\Chad\AppData\LocalLow\Sun\Java\deployment\cache\6.0\18\6f89b652-10c29a58 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

OTL logfile created on: 3/22/2011 9:25:58 AM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chad\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.74 Gb Total Space | 81.28 Gb Free Space | 59.44% Space Free | Partition Type: NTFS

Drive D: | 9.77 Gb Total Space | 5.63 Gb Free Space | 57.63% Space Free | Partition Type: NTFS

Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/22 09:25:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Downloads\OTL.exe

PRC - [2011/03/16 13:08:44 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2011/03/05 19:05:30 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe

PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2010/11/17 12:40:26 | 000,473,616 | ---- | M] () -- C:\Program Files\PdaNet for Android\PdaNetPC.exe

PRC - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe

PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

PRC - [2010/11/02 20:44:38 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/11/02 20:44:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/10/14 14:23:33 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/07/28 12:00:40 | 000,030,720 | ---- | M] () -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/05/04 04:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe

PRC - [2008/05/04 04:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe

PRC - [2008/05/04 04:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe

PRC - [2008/05/04 04:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe

PRC - [2008/02/22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2007/12/21 10:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe

PRC - [2007/11/12 06:07:24 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

PRC - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe

PRC - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007/03/21 13:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

========== Modules (SafeList) ==========

MOD - [2011/03/22 09:25:08 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chad\Downloads\OTL.exe

MOD - [2010/08/31 10:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - [2011/03/17 20:53:21 | 003,229,784 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_d76cf65.dll -- (Akamai)

SRV - [2011/03/16 13:08:44 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2010/11/11 13:26:42 | 000,206,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)

SRV - [2010/11/02 20:44:38 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/07/28 12:00:40 | 000,030,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Palm, Inc\novacom\x86\novacomd.exe -- (NovacomD)

SRV - [2008/07/17 02:14:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

SRV - [2007/03/21 13:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2011/03/22 09:16:48 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{830320D8-B7EC-4305-B801-AC77E78AADE7}\MpKsl87cb29b3.sys -- (MpKsl87cb29b3)

DRV - [2011/03/16 13:08:45 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/11/22 19:53:48 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/10/24 22:25:38 | 000,054,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)

DRV - [2010/10/24 22:25:38 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)

DRV - [2010/09/02 17:49:06 | 000,013,312 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pneteth.sys -- (pneteth)

DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)

DRV - [2008/12/27 17:15:50 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)

DRV - [2008/12/27 17:15:50 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)

DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)

DRV - [2008/04/01 14:33:16 | 000,019,456 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlyUsb.sys -- (FlyUsb)

DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®

DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3454773596-171055287-479412992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080717

IE - HKU\S-1-5-21-3454773596-171055287-479412992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=0080717

IE - HKU\S-1-5-21-3454773596-171055287-479412992-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3454773596-171055287-479412992-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

IE - HKU\S-1-5-21-3454773596-171055287-479412992-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {A4732521-77D9-447E-A557-B279AC923F06}:0.6.8

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/11/04 14:23:52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/05 19:05:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/05 19:05:34 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 7\components [2010/12/25 17:59:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 7\plugins

[2008/08/20 15:54:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Extensions

[2011/03/21 09:20:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wl1vffoc.default\extensions

[2010/12/11 16:25:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wl1vffoc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/12/11 16:25:07 | 000,000,000 | ---D | M] (Image Toolbar) -- C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Profiles\wl1vffoc.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}

[2010/12/12 11:42:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2010/05/12 21:58:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010/09/17 15:56:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/12/12 11:42:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/11/04 14:23:52 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3

[2009/12/04 11:48:23 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\CHAD\APPDATA\ROAMING\MOVE NETWORKS

[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/06/09 14:57:19 | 000,221,184 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)

O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3454773596-171055287-479412992-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: AllowMultipleTSSessions = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data]

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3454773596-171055287-479412992-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-3454773596-171055287-479412992-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O24 - Desktop WallPaper: C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Users\Chad\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{3dece600-3156-11df-b471-00219bce7579}\Shell - "" = AutoRun

O33 - MountPoints2\{3dece600-3156-11df-b471-00219bce7579}\Shell\AutoRun\command - "" = G:\start.exe

O33 - MountPoints2\{abc69197-23ca-11de-9bc3-00219bce7579}\Shell - "" = AutoRun

O33 - MountPoints2\{abc69197-23ca-11de-9bc3-00219bce7579}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{deaf1b83-8b6e-11dd-9dfb-00219bce7579}\Shell - "" = AutoRun

O33 - MountPoints2\{deaf1b83-8b6e-11dd-9dfb-00219bce7579}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/22 08:26:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/03/22 08:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/03/22 08:26:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/03/21 21:05:36 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Chad\Desktop\bill.exe.exe

[2011/03/17 15:34:37 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/03/16 17:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker

[2011/03/09 12:04:24 | 000,000,000 | ---D | C] -- C:\Users\Chad\AppData\Local\PokerStars

[2011/03/09 12:03:33 | 000,000,000 | ---D | C] -- C:\Program Files\PokerStars

[2011/02/26 09:27:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell

[2011/02/24 15:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android

[2011/02/24 15:39:28 | 000,013,312 | ---- | C] (June Fabrics Technology Inc.) -- C:\Windows\System32\drivers\pneteth.sys

[2011/02/24 15:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\PdaNet for Android

[2 C:\Users\Chad\Desktop\*.tmp files -> C:\Users\Chad\Desktop\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/22 09:28:04 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/03/22 09:21:24 | 010,885,230 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/03/22 09:21:23 | 003,817,338 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/03/22 09:19:57 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job

[2011/03/22 09:17:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/03/22 09:17:23 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/03/22 09:17:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/03/22 09:16:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/03/22 09:16:26 | 2137,042,944 | -HS- | M] () -- C:\hiberfil.sys

[2011/03/22 08:26:05 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/03/22 08:23:59 | 001,006,764 | ---- | M] () -- C:\Users\Chad\Desktop\rkill.exe

[2011/03/22 08:21:09 | 000,000,550 | ---- | M] () -- C:\Users\Chad\Desktop\fixme.bat

[2011/03/22 08:18:46 | 000,013,326 | -HS- | M] () -- C:\Users\Chad\AppData\Local\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q

[2011/03/22 08:18:46 | 000,013,326 | -HS- | M] () -- C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q

[2011/03/21 23:52:24 | 000,003,374 | ---- | M] () -- C:\Users\Chad\Desktop\Attach.zip

[2011/03/21 23:03:24 | 000,301,568 | ---- | M] () -- C:\Users\Chad\Desktop\kxw4ejdc.exe

[2011/03/21 23:00:18 | 000,625,664 | ---- | M] () -- C:\Users\Chad\Desktop\dds.scr

[2011/03/21 22:58:33 | 000,000,000 | ---- | M] () -- C:\Users\Chad\defogger_reenable

[2011/03/21 22:57:00 | 000,050,477 | ---- | M] () -- C:\Users\Chad\Desktop\Defogger.exe

[2011/03/21 21:05:45 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Chad\Desktop\bill.exe.exe

[2011/03/21 20:56:48 | 000,001,356 | ---- | M] () -- C:\Users\Chad\AppData\Local\d3d9caps.dat

[2011/03/16 13:08:45 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys

[2011/03/02 13:39:13 | 000,172,634 | ---- | M] () -- C:\Users\Chad\Documents\ResumeChadKyleB.pdf

[2011/02/24 15:39:31 | 000,000,840 | ---- | M] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

[2 C:\Users\Chad\Desktop\*.tmp files -> C:\Users\Chad\Desktop\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/22 09:16:26 | 2137,042,944 | -HS- | C] () -- C:\hiberfil.sys

[2011/03/22 08:26:05 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/03/22 08:23:53 | 001,006,764 | ---- | C] () -- C:\Users\Chad\Desktop\rkill.exe

[2011/03/22 08:21:09 | 000,000,550 | ---- | C] () -- C:\Users\Chad\Desktop\fixme.bat

[2011/03/21 23:52:24 | 000,003,374 | ---- | C] () -- C:\Users\Chad\Desktop\Attach.zip

[2011/03/21 23:03:12 | 000,301,568 | ---- | C] () -- C:\Users\Chad\Desktop\kxw4ejdc.exe

[2011/03/21 23:00:15 | 000,625,664 | ---- | C] () -- C:\Users\Chad\Desktop\dds.scr

[2011/03/21 22:58:33 | 000,000,000 | ---- | C] () -- C:\Users\Chad\defogger_reenable

[2011/03/21 22:56:59 | 000,050,477 | ---- | C] () -- C:\Users\Chad\Desktop\Defogger.exe

[2011/03/21 19:36:48 | 000,013,326 | -HS- | C] () -- C:\Users\Chad\AppData\Local\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q

[2011/03/21 19:36:48 | 000,013,326 | -HS- | C] () -- C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q

[2011/03/02 13:39:11 | 000,172,634 | ---- | C] () -- C:\Users\Chad\Documents\ResumeChadKyleB.pdf

[2011/02/26 09:23:55 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs

[2011/02/26 09:23:55 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl

[2011/02/26 09:23:54 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml

[2011/02/24 15:39:31 | 000,000,840 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk

[2010/11/04 14:09:20 | 000,201,659 | ---- | C] () -- C:\Windows\hpoins43.dat

[2010/08/22 18:41:53 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

[2009/10/22 14:48:42 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/10/22 14:48:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/06/24 15:17:39 | 000,000,552 | ---- | C] () -- C:\Users\Chad\AppData\Local\d3d8caps.dat

[2009/05/22 04:25:35 | 000,000,675 | ---- | C] () -- C:\Windows\hpomdl43.dat

[2009/04/08 17:16:53 | 000,020,480 | ---- | C] () -- C:\Users\Chad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009/01/19 12:36:13 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll

[2008/12/27 17:15:50 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys

[2008/12/27 17:15:50 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys

[2008/08/26 16:43:24 | 000,001,732 | ---- | C] () -- C:\Users\Chad\AppData\Roaming\wklnhst.dat

[2008/08/26 03:05:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008/08/24 13:04:41 | 000,001,356 | ---- | C] () -- C:\Users\Chad\AppData\Local\d3d9caps.dat

[2008/07/17 04:39:40 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll

[2008/07/17 04:39:40 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll

[2008/07/17 04:39:40 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll

[2008/07/17 04:39:40 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll

[2008/07/17 04:39:40 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll

[2008/07/17 04:39:37 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/07/17 02:01:57 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll

[2008/07/17 02:01:57 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE

[2008/04/28 12:13:33 | 000,000,310 | ---- | C] () -- C:\Windows\primopdf.ini

[2008/02/03 18:11:25 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 07:47:37 | 000,382,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 05:33:01 | 010,885,230 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 05:33:01 | 003,817,338 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2009/09/13 11:11:58 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\CanuckSoftware

[2011/03/17 15:34:37 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2010/08/22 18:41:40 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Research In Motion

[2010/09/25 17:35:27 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\StreamTorrent

[2008/08/26 16:43:26 | 000,000,000 | ---D | M] -- C:\Users\Chad\AppData\Roaming\Template

[2011/03/21 19:39:40 | 000,032,604 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 81 bytes -> C:\Program Files\PlayersOnly Poker:MID

< End of report >

OTL Extras logfile created on: 3/22/2011 9:25:58 AM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chad\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 7.0.6002.18005)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free

4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 136.74 Gb Total Space | 81.28 Gb Free Space | 59.44% Space Free | Partition Type: NTFS

Drive D: | 9.77 Gb Total Space | 5.63 Gb Free Space | 57.63% Space Free | Partition Type: NTFS

Computer Name: CHAD-PC | User Name: Chad | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-3454773596-171055287-479412992-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 7\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{08C1CE3B-F0E6-441E-8D79-791355889234}" = lport=49162 | protocol=6 | dir=in | name=akamai netsession interface |

"{5A92C0E6-B56E-4822-89AF-CA1B226B3A7D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{8F347FCE-787A-4DF1-AEF7-91ABD2C974F0}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

"{F7CBEE7A-3C94-4414-B60C-69612851A2DF}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0309CD3E-09D5-450E-8C1F-116C18DCAE67}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{13845598-BF7B-4275-8DDF-8B64B56C693A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |

"{15A2A896-72F6-4395-9AA2-8C8D7F7C11D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |

"{1687D305-0CC7-47DA-97DE-64DFE6C2EDC7}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |

"{188B96D2-E6AA-42AF-8CC8-D163684B0368}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{362FFDEB-1AC6-43A4-AEE0-FE32B1D39F5E}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |

"{3D004155-C430-478A-8EFF-C5F849B039A0}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |

"{40E4FD14-FAEB-498B-BD21-EEB58EFFF60F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |

"{52280234-3EF9-4AB1-8926-EF2E75C804C7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |

"{555EA2E9-C096-42E9-9451-78DE20DD8402}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{55C14AEA-6733-4740-BA51-42DE43455F88}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{5C2DE200-7A79-41C7-95EB-858547BBC265}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |

"{6099C691-DAFB-4069-B37D-E7C231DA60B7}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |

"{66EFFA8B-E085-4DE4-BCDF-3E4BB0E948DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |

"{6B6ED02F-19CB-489B-A54F-685663AD0B04}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |

"{703A88B0-4543-454A-A069-FA8E894ABAE6}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |

"{704D56A9-473E-4C56-9BE4-7C0187C8189D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |

"{741B51C4-45C8-45A7-81BA-3ED2B86A9CE5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{786571C4-5214-498F-A109-D338B4AA47A3}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{8560A8B2-C687-440B-98A1-9985D58D34EB}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{8AD552B8-B454-4C42-8A49-4523822B9D1E}" = dir=in | app=e:\setup\hpznui01.exe |

"{92424740-EF7D-42AE-BDA8-D289FCF0E19F}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |

"{96547F59-63D2-43CB-A3AB-1B69CE5C4D83}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |

"{9AE23FCE-2AF7-4346-A433-0E904215F774}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |

"{AC6AFD2F-A186-42D5-884E-EDF8BDA7D483}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |

"{AE02D21E-F357-431F-9A94-EE5E2FBD96EC}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |

"{B153DA1B-4338-4081-89E1-389FAEAEC896}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{C877E1E3-3592-4BCE-AE1F-5A9119C4142D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{DB0DB708-CBEB-4BF7-9E5B-D5D0979F3C29}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{E3A05A65-2A1D-4B54-B543-43D6EE9DEC1C}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |

"{EB7DD14A-13CD-4B39-A637-C954B4881273}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{FE877563-4379-4DDA-8450-27AE218FA86A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |

"TCP Query User{4A78B471-9E82-43BD-9E0D-3D1A3029E122}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |

"TCP Query User{DE0F9706-17DF-4952-8F51-9020FF95B11B}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{DE2C69B2-A266-4AE3-8E4E-994FA236A74E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{E00B72BB-CA1E-4D9C-BC75-65C09BC1A863}C:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"TCP Query User{E8F97066-34A4-4EE3-994E-0B5899096A89}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

"UDP Query User{1BADA8E1-0477-4518-9B81-69DDADA3A580}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe |

"UDP Query User{88CA3D61-3BEC-4AFB-95FF-2713A25E52DA}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |

"UDP Query User{9B9BD43A-5EF9-482B-B65B-2F72862E9C99}C:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\chad\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |

"UDP Query User{CCCB5104-A031-4E0C-81FC-FB4DE6A9C4E8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{E4AC50B7-2556-46C6-B2E6-D9A5E7984319}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE

"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan

"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 23

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet

"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network

"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware

"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide

"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes

"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup

"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700

"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1

"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{BA9A297F-0198-4EE8-90CB-F5036C180E1D}" = Novacomd

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect

"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects

"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker

"{D7769185-9A7C-48D4-8874-5388743A1DE2}" = Music, Photos & Videos Launcher

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min

"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center

"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin

"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool

"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)

"84713BEB4A2EB4B0E2F1346FDEBFFE94DAB5225D" = Windows Driver Package - Palm (WinUSB) Palm Devices (11/30/2008 1.0.0)

"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Akamai" = Akamai NetSession Interface

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"ENTERPRISER" = Microsoft Office Enterprise 2007

"ExtegrityExam40" = Extegrity Exam 4.0

"Google Chrome" = Google Chrome

"Google Desktop" = Google Desktop

"Google Updater" = Google Updater

"GoToAssist" = GoToAssist 8.0.0.514

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Print Projects" = HP Print Projects 1.0

"HP Smart Web Printing" = HP Smart Web Printing 4.5

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft Security Client" = Microsoft Security Essentials

"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)

"Mozilla Firefox 4.0b7 (x86 en-US)" = Mozilla Firefox 4.0b7 (x86 en-US)

"PdaNet_is1" = PdaNet for Android 2.45

"PrimoPDF4.1.0.9" = PrimoPDF

"Shop for HP Supplies" = Shop for HP Supplies

"StreamTorrent 1.0" = StreamTorrent 1.0

"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)

"UPCShell" = LeapFrog Connect

"Windows Media Encoder 9" = Windows Media Encoder 9 Series

"Yahoo! Companion" = Yahoo! Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3454773596-171055287-479412992-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Move Media Player" = Move Media Player

"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

"Qedoc Quiz Player- Criminal procedure- 4th amendment" = Qedoc Quiz Player- Criminal procedure- 4th amendment

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/6/2010 8:06:43 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 25532169

Error - 11/6/2010 8:06:59 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/6/2010 8:06:59 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 25547769

Error - 11/6/2010 8:06:59 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 25547769

Error - 11/6/2010 8:07:15 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/6/2010 8:07:15 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 25563432

Error - 11/6/2010 8:07:15 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 25563432

Error - 11/6/2010 8:07:30 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/6/2010 8:07:30 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 25579063

Error - 11/6/2010 8:07:30 AM | Computer Name = Chad-PC | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 25579063

[ Broadcom Wireless LAN Events ]

Error - 1/30/2011 3:24:42 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0

Description = 13:24:42, Sun, Jan 30, 11 Error - Unable to gain access to user store

Error - 1/30/2011 7:47:49 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0

Description = 17:47:48, Sun, Jan 30, 11 Error - Unable to gain access to user store

Error - 2/5/2011 10:09:01 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0

Description = 20:09:00, Sat, Feb 05, 11 Error - Unable to gain access to user store

Error - 2/5/2011 10:28:12 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0

Description = 20:28:12, Sat, Feb 05, 11 Error - Unable to gain access to user store

Error - 2/11/2011 8:00:39 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0

Description = 18:00:38, Fri, Feb 11, 11 Error - Unable to gain access to user store

Error - 2/12/2011 3:20:43 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0

Description = 13:20:43, Sat, Feb 12, 11 Error - Unable to gain access to user store

Error - 3/11/2011 10:26:29 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0

Description = 20:26:29, Fri, Mar 11, 11 Error - Unable to gain access to user store

Error - 3/11/2011 11:18:52 PM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0

Description = 21:18:51, Fri, Mar 11, 11 Error - Unable to gain access to user store

Error - 3/18/2011 8:54:56 AM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0

Description = 07:54:56, Fri, Mar 18, 11 Error - Unable to gain access to user store

Error - 3/18/2011 9:12:11 AM | Computer Name = Chad-PC | Source = WLAN-Tray | ID = 0

Description = 08:12:11, Fri, Mar 18, 11 Error - Unable to gain access to user store

[ OSession Events ]

Error - 6/29/2009 9:36:36 AM | Computer Name = Chad-PC | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:

12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 3

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 2/14/2009 3:31:07 AM | Computer Name = Chad-PC | Source = HTTP | ID = 15016

Description =

Error - 2/14/2009 3:32:43 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/14/2009 3:32:58 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/14/2009 3:32:58 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/14/2009 5:00:13 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/14/2009 5:00:14 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/14/2009 5:00:14 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/14/2009 5:01:14 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7009

Description =

Error - 2/14/2009 5:01:14 AM | Computer Name = Chad-PC | Source = Service Control Manager | ID = 7000

Description =

Error - 2/14/2009 5:01:14 AM | Computer Name = Chad-PC | Source = DCOM | ID = 10005

Description =

< End of report >


OK... Great.

Enable hidden files:

http://www.bleepingcomputer.com/tutorials/tutorial130.html

Check these two folders; I believe they're malware-related. If you don't recognize them, please delete them:

C:\Users\Chad\AppData\Local\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q

Also, what is this file on your desktop?

C:\Users\Chad\Desktop\kxw4ejdc.exe

--------------------------------

Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC
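As an added example (not code from the thread, from MrC, or from OTL's author), the following Python script applies the checks in the post above to OTL log lines as text: it flags O2/O3 entries whose CLSID no longer resolves (OTL reports these as "No CLSID value found"), screens directory names like the two random-looking ones above, and assembles the matching OTL Custom Scans/Fixes script. The line regex, the `looks_random` thresholds, and the "Example Helper" entry with its CLSID are my own assumptions and constructions; only the two orphaned entries and the folder paths are quoted from the thread. It never touches the registry or the file system.

```python
"""Triage of OTL-style log lines: orphaned BHO/toolbar entries and random-looking
folder names, plus the matching OTL fix script. Added example for this thread; it
only reads text lines and never touches the registry or the file system."""
import re

# OTL O2 (Browser Helper Object) and O3 (IE toolbar) lines, as quoted in the thread:
#   O2 - BHO: (no name) - {CLSID} - No CLSID value found.
#   O3 - HKLM\..\Toolbar: (no name) - {CLSID} - No CLSID value found.
# The regex is an assumption about OTL's line shape, derived from those two lines.
O2_O3_LINE = re.compile(
    r"^O(?P<kind>[23]) - (?P<hive>.*?): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)
HEX_ONLY = re.compile(r"^[0-9a-f]+$")


def parse_o2_o3(line):
    """Return a dict for an O2/O3 line, or None for any other line.

    An entry is 'orphaned' when IE still lists the CLSID but nothing is
    registered for it under HKCR\\CLSID, which OTL reports as
    'No CLSID value found'. Uninstalled or half-removed add-ons leave these behind.
    """
    m = O2_O3_LINE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["raw"] = line.strip()
    entry["orphaned"] = entry["target"].startswith("No CLSID value found")
    return entry


def orphaned_entries(lines):
    """All O2/O3 entries in `lines` whose CLSID no longer resolves."""
    return [e for e in map(parse_o2_o3, lines) if e and e["orphaned"]]


def looks_random(name, min_len=16):
    """Crude screen for machine-generated directory names such as
    0qo6n56dqg7b12mtrqt6221tv781hsx41s5q: long, single-case alphanumeric, with a
    substantial share of digits, and not a plain hex string (hashes and GUID
    fragments inside legitimate app ids are hex and are deliberately not flagged).
    The thresholds are assumptions, tuned only to the names seen in this thread.
    """
    n = name.lower()
    if len(n) < min_len or not n.isascii() or not n.isalnum():
        return False
    if HEX_ONLY.match(n):
        return False
    digit_share = sum(c.isdigit() for c in n) / len(n)
    return 0.2 <= digit_share <= 0.8


def suspicious_dirs(paths):
    """Paths whose last component passes looks_random()."""
    return [p for p in paths if looks_random(p.rstrip("\\").rsplit("\\", 1)[-1])]


def build_otl_fix(entries, empty_temp=True):
    """Assemble an OTL Custom Scans/Fixes script from orphaned entries, in the
    same shape as the one pasted in the thread (:OTL block, then :Commands)."""
    script = [":OTL"] + [e["raw"] for e in entries]
    if empty_temp:
        script += [":Commands", "[emptytemp]"]
    return "\n".join(script)


# Sample input. The first two O2/O3 lines and the first two folder paths are quoted
# from the thread; the 'Example Helper' line, its CLSID and the O4 line are
# constructed for contrast and correspond to no real software.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.",
    r"O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.",
    r"O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll (Example Corp)",
    r"O4 - HKLM..\Run: [Example] C:\Program Files\Example\example.exe (Example Corp)",
]
SAMPLE_DIRS = [
    r"C:\Users\Chad\AppData\Local\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q",
    r"C:\ProgramData\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q",
    r"C:\Users\Chad\AppData\Roaming\CanuckSoftware",
    r"C:\Users\Chad\AppData\Roaming\Research In Motion",
    r"C:\Users\Chad\AppData\Roaming\StreamTorrent",
]

if __name__ == "__main__":
    orphans = orphaned_entries(SAMPLE_LOG)
    for e in orphans:
        print(f"orphaned O{e['kind']} entry: {e['clsid']} ({e['hive']})")
    for p in suspicious_dirs(SAMPLE_DIRS):
        print(f"random-looking folder: {p}")
    print(build_otl_fix(orphans))
```

The name screen is deliberately conservative: it flags the two `0qo6n56...` folders and ignores the LOP Check entries, but it says nothing about a short name such as the desktop file above, which still has to be judged by hand. An orphaned CLSID is also evidence of an incomplete removal rather than proof of malware on its own, which is why the script only builds the fix for review and does not run it.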


All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Chad

->Temp folder emptied: 896229391 bytes

->Temporary Internet Files folder emptied: 245282765 bytes

->Java cache emptied: 137431162 bytes

->FireFox cache emptied: 57768099 bytes

->Google Chrome cache emptied: 167411416 bytes

->Flash cache emptied: 5433835 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 197115003 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 2696035800 bytes

Total Files Cleaned = 4,199.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 03222011_103728

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
