
Antimalware deleted but still pops up help


Hi,

I recently got Antimalware Doctor on my computer and removed it using Malwarebytes. If I look in Add/Remove, Antimalware Doctor isn't there, and I looked up other sites talking about looking into the registry and I couldn't find them there either. It was after I scanned and removed using Malwarebytes. However, antimalwarebytes still pops up with its annoying messages that I have a virus and I don't know how I can remove it anymore. Help would be much appreciated. Thank you!

JJ


Hello computernewbie

Welcome to Malwarebytes.

=====================

  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

====================

Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


  • 2 weeks later...

This is the OTL.txt file

OTL logfile created on: 7/5/2011 7:49:00 PM - Run 2

OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\x32285\Desktop

Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19048)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 65.02% Memory free

7.16 Gb Paging File | 6.01 Gb Available in Paging File | 83.99% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 47.79 Gb Free Space | 32.06% Space Free | Partition Type: NTFS

Computer Name: USMANBUX32285 | User Name: x32285 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\x32285\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

PRC - C:\Program Files\AIM\aim.exe (AOL Inc.)

PRC - C:\Program Files\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)

PRC - c:\Program Files\McAfee\Common Framework\McTray.exe (McAfee, Inc.)

PRC - C:\Program Files\Juniper Networks\Odyssey Access Client\odTray.exe (Juniper Networks, Inc.)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

PRC - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)

PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE ( )

PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)

PRC - C:\Program Files\ActivIdentity\ActivClient\acsagent.exe (ActivIdentity)

PRC - C:\Program Files\DesktopAlert\DesktopAlert.exe (DesktopAlert, Inc.)

PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)

PRC - C:\Program Files\Tumbleweed\Desktop Validator\DVTrayApp.exe (Tumbleweed Communications Inc.)

PRC - C:\Program Files\MagicTune Premium\GammaTray.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\x32285\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll (Broadcom Corporation.)

========== Win32 Services (SafeList) ==========

SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)

SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)

SRV - (NVIDIA Performance Driver Service) -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe ()

SRV - (McAfeeFramework) -- c:\Program Files\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)

SRV - (CcmExec) -- C:\Windows\System32\CCM\CcmExec.exe (Microsoft Corporation)

SRV - (smstsmgr) -- C:\Windows\System32\CCM\TSManager.exe (Microsoft Corporation)

SRV - (odClientService) -- C:\Program Files\Juniper Networks\Odyssey Access Client\odClientService.exe (Juniper Networks, Inc.)

SRV - (EacService) -- C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe (Juniper Networks)

SRV - (JuniperAccessService) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe (Juniper Networks)

SRV - (Credential Vault Host Storage) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe (Broadcom Corporation)

SRV - (Credential Vault Host Control Service) -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe (Broadcom Corporation)

SRV - (McShield) -- c:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe (McAfee, Inc.)

SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)

SRV - (McTaskManager) -- c:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.)

SRV - (McAfeeEngineService) -- c:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe (McAfee, Inc.)

SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\stacsv.exe (IDT, Inc.)

SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_820ff26a\AEstSrv.exe (Andrea Electronics Corporation)

SRV - (lmab_device) -- C:\Windows\System32\LMabcoms.exe ( )

SRV - (accoca) -- C:\Program Files\ActivIdentity\ActivClient\accoca.exe (ActivIdentity)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (MagicTuneEngine) -- C:\Program Files\MagicTune Premium\MagicTuneEngine.exe ()

SRV - (Tumbleweed Desktop Validator) -- C:\Program Files\Tumbleweed\Desktop Validator\DVService.exe (Tumbleweed Communications Inc.)

========== Driver Services (SafeList) ==========

DRV - (prepdrvr) -- C:\Windows\System32\CCM\PrepDrv.sys (Microsoft Corporation)

DRV - (odFips2) -- C:\Windows\system32\drivers\odFips2.sys (Juniper Networks, Inc.)

DRV - (odFips) -- C:\Windows\system32\drivers\odFips.sys (Juniper Networks, Inc.)

DRV - (SCRx31 USB Reader) -- C:\Windows\System32\drivers\stc2.sys (SCM Microsystems Inc.)

DRV - (cvusbdrv) -- C:\Windows\System32\drivers\cvusbdrv.sys (Broadcom Corporation)

DRV - (CCIDFILTER) -- C:\Windows\System32\drivers\ccidflt.sys (Broadcom Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (jnprna) -- C:\Windows\System32\drivers\jnprna.sys (Juniper Networks, Inc.)

DRV - (JnprVaMgr) -- C:\Windows\System32\drivers\jnprvamgr.sys (Juniper Networks, Inc.)

DRV - (jnprva) -- C:\Windows\System32\drivers\jnprva.sys (Juniper Networks, Inc.)

DRV - (USBCCID) -- C:\Windows\System32\drivers\usbccid.sys (Microsoft Corporation)

DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)

DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)

DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)

DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)

DRV - (mfetdik) -- C:\Windows\System32\drivers\mfetdik.sys (McAfee, Inc.)

DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)

DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)

DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)

DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)

DRV - (PBADRV) -- C:\Windows\system32\DRIVERS\PBADRV.sys (Dell Inc)

DRV - (e1yexpress) Intel® -- C:\Windows\System32\drivers\e1y6032.sys (Intel Corporation)

DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)

DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)

DRV - (NETw3v32) Intel® -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)

DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.usma.edu

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.usma.edu

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 134.240.241.240:8080

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = https://cis.usma.edu

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://cis.usma.edu

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = drenproxy.usma.army.mil:8080

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16

FF - prefs.js..network.proxy.ftp: "drenproxy.usma.army.mil"

FF - prefs.js..network.proxy.ftp_port: 8080

FF - prefs.js..network.proxy.gopher: "drenproxy.usma.army.mil"

FF - prefs.js..network.proxy.gopher_port: 8080

FF - prefs.js..network.proxy.http: "drenproxy.usma.army.mil"

FF - prefs.js..network.proxy.http_port: 8080

FF - prefs.js..network.proxy.share_proxy_settings: true

FF - prefs.js..network.proxy.socks: "drenproxy.usma.army.mil"

FF - prefs.js..network.proxy.socks_port: 8080

FF - prefs.js..network.proxy.ssl: "drenproxy.usma.army.mil"

FF - prefs.js..network.proxy.ssl_port: 8080

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/07/30 14:19:33 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904}: C:\Users\x32285\AppData\Local\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904} [2011/06/23 23:51:51 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/18 10:12:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/19 17:20:00 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1.1\Extensions\\Components: C:\Program Files\Mozilla Firefox\Components [2011/05/18 10:12:17 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1.1\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\Plugins [2011/05/19 17:20:00 | 000,000,000 | ---D | M]

[2010/04/26 13:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x32285\AppData\Roaming\mozilla\Extensions

[2010/04/26 13:17:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x32285\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/06/23 23:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\x32285\AppData\Roaming\mozilla\Firefox\Profiles\p7bjk42v.default\extensions

[2010/08/09 23:29:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\x32285\AppData\Roaming\mozilla\Firefox\Profiles\p7bjk42v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011/05/18 10:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

[2011/05/18 10:12:15 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/05/18 10:12:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\en-US\locale\en-US\mozapps\extensions

[2011/05/18 10:12:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\content\mozapps\extensions

[2011/05/18 10:12:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\skin\classic\aero\mozapps\extensions

[2011/05/18 10:12:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\chrome\toolkit\skin\classic\mozapps\extensions

File not found (No name found) --

[2011/06/23 23:51:51 | 000,000,000 | ---D | M] (XULRunner) -- C:\USERS\X32285\APPDATA\LOCAL\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904}

[2011/05/12 01:25:08 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll

[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/07/07 17:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll

[2009/07/07 17:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

[2011/01/30 11:45:12 | 000,135,568 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll

[2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/12/22 03:24:48 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2011/05/12 01:25:08 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2011/05/12 01:25:08 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

[2011/05/12 01:25:08 | 000,001,131 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2011/05/12 01:25:08 | 000,002,364 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2011/05/12 01:25:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2011/05/12 01:25:08 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2011/06/24 00:17:50 | 000,435,303 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 14982 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)

O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] File not found

O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] File not found

O4 - HKLM..\Run: [DesktopAlert] C:\Program Files\DesktopAlert\DesktopAlert.exe (DesktopAlert, Inc.)

O4 - HKLM..\Run: [DVTrayApp] C:\Program Files\Tumbleweed\Desktop Validator\DVTrayApp.exe (Tumbleweed Communications Inc.)

O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.)

O4 - HKLM..\Run: [McAfeeUpdaterUI] c:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [OdTray.exe] C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe (Juniper Networks, Inc.)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)

O4 - HKLM..\Run: [shStatEXE] c:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [TkBellExe] File not found

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)

O4 - HKCU..\Run: [Google Update] C:\Users\x32285\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)

O4 - HKCU..\Run: [LMab1err] C:\Program Files\Lexmark\ErrorApp\LMab1err.EXE ( )

O4 - Startup: C:\Users\x32285\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Download present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Feeds present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\SQM present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoOnlinePrintsWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMSAppLogo5ChannelNotify = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: PreXPSP2ShellProtocolBehavior = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = UNITED STATES DEPARTMENT OF DEFENSE WARNING STATEMENT

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = [string data over 1000 bytes]

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylockeduserid = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DelayedDesktopSwitchTimeout = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ReportControllerMissing = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPublishingWizard = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInplaceSharing = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogonScripts = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\System32\wshbth.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKLM\..Trusted Domains: acom.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: af.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: afms.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: africom.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: anthrax.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: arl.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([akocac.us] https in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([akoim.us] http in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([akoim.us] https in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([armyweb.us] https in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([mes1.dr1.us] http in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([mes1.ps1.us] http in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([mes2.dr1.us] http in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([mes2.ps1.us] http in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([mes3.dr1.us] http in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([mes3.ps1.us] http in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([mes4.dr1.us] http in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([mes4.ps1.us] http in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([mes5.dr1.us] http in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([mes5.ps1.us] http in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([mes6.dr1.us] http in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([mes6.ps1.us] http in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([webmail.us] https in Trusted sites)

O15 - HKLM\..Trusted Domains: army.mil ([www.us] https in Trusted sites)

O15 - HKLM\..Trusted Domains: arpa.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: asbca.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: assist.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: BTA.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: CAC.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: centcom.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: cert.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: daps.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: darpa.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dau.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dc3.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dcaa.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dcma.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: deca.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: defendamerica.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: defenselink.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: deploymenthealth.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dfas.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dia.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: disa.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: disa.mil ([miap.csd] https in Trusted sites)

O15 - HKLM\..Trusted Domains: disagrid.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dla.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dmso.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dod.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: doded.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dsm.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dss.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dtepi.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dtic.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: dtra.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: eb.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: eb.mil ([wawf] * in Trusted sites)

O15 - HKLM\..Trusted Domains: eucom.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: hpc.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: ia.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: jast.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: jcmotf.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: jcs.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: jcse.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: jfcom.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: jointmodels.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: js.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: jsc.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: jsf.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: jsims.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: jtfgno.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: jwac.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: knowledgenet.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: korea50.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: mnf-iraq.com ([]http in Trusted sites)

O15 - HKLM\..Trusted Domains: mnf-iraq.com ([www] http in Trusted sites)

O15 - HKLM\..Trusted Domains: navy.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: ncsc.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: newhorizons.com ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: nga.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: nic.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: nima.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: nipr.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: norad.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: noradnorthcom.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: northcom.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: nosc.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: nro.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: osd.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: pacom.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: pcstravel.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: pdhealth.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: pentagon.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: skillport.com ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: skillsoft.com ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: soc.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: socds.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: socom.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: southcom.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: spacecom.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: stratcom.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: test.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: transcom.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: ttsc.net ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: usbank.com ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: usBANK.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: uscg.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: usma.edu ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: usma.edu ([kmdev] https in Local intranet)

O15 - HKLM\..Trusted Domains: usma.edu ([kmstaging] https in Local intranet)

O15 - HKLM\..Trusted Domains: usma.edu ([mysites] https in Local intranet)

O15 - HKLM\..Trusted Domains: usma.edu ([portal] https in Local intranet)

O15 - HKLM\..Trusted Domains: usma.edu ([teamsites] https in Local intranet)

O15 - HKLM\..Trusted Domains: usmc.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: usuhs.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: westpoint.edu ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: westpoint.edu ([kmdev] https in Local intranet)

O15 - HKLM\..Trusted Domains: westpoint.edu ([kmstaging] https in Local intranet)

O15 - HKLM\..Trusted Domains: westpoint.edu ([mysites] https in Local intranet)

O15 - HKLM\..Trusted Domains: westpoint.edu ([portal] https in Local intranet)

O15 - HKLM\..Trusted Domains: westpoint.edu ([teamsites] https in Local intranet)

O15 - HKLM\..Trusted Domains: whmo.mil ([]* in Trusted sites)

O15 - HKLM\..Trusted Domains: whs.mil ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: army.mil ([www.us] https in Trusted sites)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = usma.ds.army.edu

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\x32285\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O24 - Desktop BackupWallPaper: C:\Users\x32285\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk /p \??\E:) - File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/25 20:14:57 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\x32285\Desktop\OTL.exe

[2011/06/25 17:12:58 | 000,000,000 | ---D | C] -- C:\Users\x32285\AppData\Roaming\Malwarebytes

[2011/06/25 17:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011/06/25 17:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011/06/25 17:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011/06/25 17:11:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011/06/25 17:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011/06/25 17:09:30 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\x32285\Desktop\mbam-setup.exe

[2011/06/25 16:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor

[2011/06/25 16:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools

[2011/06/25 16:39:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP

[2011/06/24 00:09:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

[2011/06/24 00:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy

[2011/06/23 23:51:51 | 000,000,000 | ---D | C] -- C:\Users\x32285\AppData\Local\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904}

[2011/06/23 23:50:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer

[2011/06/23 23:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage

[2011/06/23 23:50:13 | 000,000,000 | ---D | C] -- C:\Users\x32285\AppData\Roaming\21AEFD647B86FC5B2209CFF4D06134BC

[2011/06/23 23:50:07 | 000,000,000 | ---D | C] -- C:\Quarantine

[2011/06/12 15:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

[2011/06/12 15:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2011/06/12 15:05:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2011/06/12 14:38:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2011/06/12 14:38:18 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2011/06/12 14:38:18 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2010/04/26 13:14:34 | 000,380,928 | ---- | C] ( ) -- C:\Windows\System32\lexlog.dll

[2010/04/26 13:11:14 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lmabpmui.dll

[2010/04/26 13:11:13 | 001,044,480 | ---- | C] ( ) -- C:\Windows\System32\lmabserv.dll

[2010/04/26 13:11:13 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\lmabusb1.dll

[2010/04/26 13:11:13 | 000,344,064 | ---- | C] ( ) -- C:\Windows\System32\lmabiesc.dll

[2010/04/26 13:11:12 | 000,864,256 | ---- | C] ( ) -- C:\Windows\System32\lmabip1.dll

[2010/04/26 13:11:12 | 000,573,440 | ---- | C] ( ) -- C:\Windows\System32\lmablmpm.dll

[2010/04/26 13:11:12 | 000,487,424 | ---- | C] ( ) -- C:\Windows\System32\lmabpar1.dll

[2010/04/26 13:11:12 | 000,458,752 | ---- | C] ( ) -- C:\Windows\System32\lmabiobj.dll

[2010/04/26 13:11:12 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lmabinpa.dll

[2010/04/26 13:11:11 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\lmabhcp.dll

[2010/04/26 13:11:10 | 000,819,200 | ---- | C] ( ) -- C:\Windows\System32\lmabcomc.dll

[2010/04/26 13:11:10 | 000,590,504 | ---- | C] ( ) -- C:\Windows\System32\lmabcoms.exe

[2010/04/26 13:11:10 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lmabcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/07/05 19:55:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011/07/05 19:55:19 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011/07/05 19:47:13 | 000,000,459 | ---- | M] () -- C:\Windows\SMSCFG.ini

[2011/07/05 19:46:08 | 000,679,033 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2011/07/05 19:46:08 | 000,679,033 | ---- | M] () -- C:\ProgramData\nvModes.001

[2011/07/05 19:46:01 | 000,002,563 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk

[2011/07/05 19:45:36 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/05 19:44:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011/07/05 19:44:31 | 3745,411,072 | -HS- | M] () -- C:\hiberfil.sys

[2011/06/27 00:07:55 | 000,135,168 | ---- | M] () -- C:\Users\x32285\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/06/26 23:19:12 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011/06/26 23:19:11 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-651377827-839522115-98182UA.job

[2011/06/26 23:13:51 | 000,680,274 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011/06/26 23:13:51 | 000,128,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011/06/25 20:15:00 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\x32285\Desktop\OTL.exe

[2011/06/25 19:17:29 | 001,007,120 | ---- | M] () -- C:\Users\x32285\Desktop\iExplore.exe

[2011/06/25 17:11:18 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/06/25 17:09:32 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\x32285\Desktop\mbam-setup.exe

[2011/06/25 16:49:03 | 002,114,986 | ---- | M] () -- C:\Windows\System32\drivers\Cat.DB

[2011/06/25 16:28:33 | 000,000,000 | ---- | M] () -- C:\Users\x32285\AppData\Local\Dniyaduxoxu.bin

[2011/06/24 01:16:27 | 000,000,545 | ---- | M] () -- C:\Windows\wininit.ini

[2011/06/24 00:43:41 | 000,001,356 | ---- | M] () -- C:\Users\x32285\AppData\Local\d3d9caps.dat

[2011/06/24 00:17:50 | 000,435,303 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011/06/23 23:51:52 | 000,000,120 | ---- | M] () -- C:\Users\x32285\AppData\Local\Gxuji.dat

[2011/06/15 15:05:18 | 000,005,317 | ---- | M] () -- C:\Users\x32285\Desktop\john orders.pdf

[2011/06/15 15:01:37 | 000,002,054 | ---- | M] () -- C:\Users\x32285\Desktop\Google Chrome.lnk

[2011/06/15 15:01:37 | 000,002,016 | ---- | M] () -- C:\Users\x32285\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2011/06/12 21:12:52 | 000,005,610 | ---- | M] () -- C:\Users\x32285\Desktop\DTS Orders.pdf

[2011/06/12 15:07:05 | 000,001,671 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/06/12 14:49:58 | 000,155,584 | RHS- | M] () -- C:\ProgramData\ntuser.pol

[2011/06/12 14:19:03 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-842925246-651377827-839522115-98182Core.job

========== Files Created - No Company Name ==========

[2011/06/25 19:17:26 | 001,007,120 | ---- | C] () -- C:\Users\x32285\Desktop\iExplore.exe

[2011/06/25 17:11:18 | 000,000,913 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011/06/25 16:45:49 | 002,114,986 | ---- | C] () -- C:\Windows\System32\drivers\Cat.DB

[2011/06/25 15:16:56 | 3745,411,072 | -HS- | C] () -- C:\hiberfil.sys

[2011/06/24 01:16:27 | 000,000,545 | ---- | C] () -- C:\Windows\wininit.ini

[2011/06/23 23:51:52 | 000,000,120 | ---- | C] () -- C:\Users\x32285\AppData\Local\Gxuji.dat

[2011/06/23 23:51:52 | 000,000,000 | ---- | C] () -- C:\Users\x32285\AppData\Local\Dniyaduxoxu.bin

[2011/06/15 15:05:18 | 000,005,317 | ---- | C] () -- C:\Users\x32285\Desktop\john orders.pdf

[2011/06/12 21:12:52 | 000,005,610 | ---- | C] () -- C:\Users\x32285\Desktop\DTS Orders.pdf

[2011/06/12 15:07:05 | 000,001,671 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2011/05/03 17:03:26 | 000,004,764 | ---- | C] () -- C:\Windows\System32\CcmFramework.ini

[2011/02/28 12:23:26 | 000,004,096 | -H-- | C] () -- C:\Users\x32285\AppData\Local\keyfile3.drm

[2010/08/09 10:37:38 | 000,000,459 | ---- | C] () -- C:\Windows\SMSCFG.ini

[2010/05/27 19:46:22 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

[2010/04/29 17:50:30 | 000,135,168 | ---- | C] () -- C:\Users\x32285\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/04/26 13:15:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat

[2010/04/26 13:12:29 | 000,540,672 | ---- | C] () -- C:\Windows\System32\softcoin.dll

[2010/04/26 13:12:29 | 000,360,448 | ---- | C] () -- C:\Windows\System32\gencoin.dll

[2010/04/23 13:20:26 | 000,001,356 | ---- | C] () -- C:\Users\x32285\AppData\Local\d3d9caps.dat

[2009/09/28 14:14:37 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI

[2009/09/28 11:48:05 | 000,679,033 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/09/28 11:48:05 | 000,679,033 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/09/28 11:30:25 | 000,279,888 | ---- | C] () -- C:\Windows\System32\brcmbsp.dll

[2009/09/28 11:20:14 | 000,080,368 | ---- | C] () -- C:\Windows\System32\pbadrvdll.dll

[2009/08/11 22:15:52 | 000,000,064 | ---- | C] () -- C:\Windows\System32\drivers\odFIPS2.sys.icv

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe

[2009/07/30 10:10:22 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

[2009/07/30 10:10:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/07/30 10:09:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009/05/06 14:51:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009/05/06 14:27:51 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat

[2009/05/06 13:42:47 | 000,004,733 | ---- | C] () -- C:\Windows\SigPlus.ini

[2008/07/12 01:39:21 | 000,155,584 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2008/03/28 17:46:36 | 000,114,688 | ---- | C] () -- C:\Windows\System32\aicext.dll

[2008/01/20 22:25:00 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en

[2008/01/18 00:35:24 | 000,081,920 | ---- | C] () -- C:\Windows\System32\erainp32.dll

[2006/11/02 08:56:56 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006/11/02 08:47:52 | 000,465,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006/11/02 06:33:01 | 000,680,274 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006/11/02 06:33:01 | 000,128,498 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll

[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2006/07/18 16:51:16 | 005,304,320 | ---- | C] () -- C:\Windows\System32\digiSealApi.dll

[2006/06/30 12:58:44 | 000,176,128 | R--- | C] () -- C:\Windows\System32\bioapi_mds300.dll

[2006/06/30 12:58:44 | 000,126,976 | R--- | C] () -- C:\Windows\System32\bioapi100.dll

========== LOP Check ==========

[2011/04/27 13:42:00 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\.minecraft

[2011/06/26 23:42:30 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\21AEFD647B86FC5B2209CFF4D06134BC

[2010/04/26 13:29:51 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\acccore

[2010/11/28 21:32:33 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\Auslogics

[2011/06/13 08:11:10 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\DesktopAlert

[2009/09/28 08:43:18 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\DesktopAlert, Inc

[2009/09/28 13:57:20 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\Funk Software

[2009/09/28 13:48:52 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\Juniper Networks

[2009/09/28 08:43:43 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\PureEdge

[2010/11/14 02:34:14 | 000,000,000 | ---D | M] -- C:\Users\x32285\AppData\Roaming\Research In Motion

[2011/06/27 00:08:35 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >


OTL Extras logfile created on: 6/25/2011 8:15:12 PM - Run 1

OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\x32285\Desktop

Windows Vista Enterprise Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19048)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.49 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 61.66% Memory free

7.20 Gb Paging File | 5.89 Gb Available in Paging File | 81.80% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149.05 Gb Total Space | 41.14 Gb Free Space | 27.60% Space Free | Partition Type: NTFS

Computer Name: USMANBUX32285 | User Name: x32285 | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

"PolicyVersion" = 513

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

"AllowLocalPolicyMerge" = 1

"AllowLocalIPsecPolicyMerge" = 0

"EnableFirewall" = 0

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging]

"LogDroppedPackets" = 1

"LogSuccessfulConnections" = 1

"LogFilePath" = %windir%\system32\logfiles\firewall\pfirewall.log -- ()

"LogFileSize" = 16384

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules]

"CoreNet-IPv6-Out" = v2.0|Action=Block|Active=TRUE|Dir=Out|Protocol=41|Profile=Domain|Profile=Private|Profile=Public|App=System|Name=@FirewallAPI.dll,-25352|Desc=@FirewallAPI.dll,-25358|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|

"CoreNet-Teredo-Out" = v2.0|Action=Block|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|App=%SystemRoot%\system32\svchost.exe|Svc=iphlpsvc|Name=@FirewallAPI.dll,-25327|Desc=@FirewallAPI.dll,-25333|EmbedCtxt=@FirewallAPI.dll,-25000|Edge=FALSE|

"RemoteDesktop-In-TCP" = v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=System|Name=@FirewallAPI.dll,-28753|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile]

"DisableNotifications" = 0

"DisableUnicastResponsesToMulticastBroadcast" = 1

"EnableFirewall" = 1

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

"AllowLocalPolicyMerge" = 1

"AllowLocalIPsecPolicyMerge" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PrivateProfile\Logging]

"LogDroppedPackets" = 1

"LogSuccessfulConnections" = 1

"LogFileSize" = 16384

"LogFilePath" = %windir%\system32\logfiles\firewall\pfirewall.log -- ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

"DefaultOutboundAction" = 0

"DefaultInboundAction" = 1

"AllowLocalPolicyMerge" = 1

"AllowLocalIPsecPolicyMerge" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\GloballyOpenPorts]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\Logging]

"LogDroppedPackets" = 1

"LogSuccessfulConnections" = 1

"LogFileSize" = 16384

"LogFilePath" = %windir%\system32\logfiles\firewall\pfirewall.log -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{032D4DA2-AF3E-4287-86BD-35818E98ADCC}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{7C31534B-BEB2-4899-946C-6DD7DDEE74ED}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{A6B89433-7277-4041-B384-6344042BB414}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |

"{D0E1AD0B-3483-4FA2-A6B8-3570E0FB912E}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

"{DEA0F40F-FFE2-470C-BD8F-A17502279339}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0AEAE6C8-717E-4543-82DA-F84F36C87CE9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{0C5590FB-5644-43EE-ABC9-D4BE915236E5}" = protocol=17 | dir=in | app=c:\windows\system32\lmabcoms.exe |

"{1289F14A-48D0-4C94-AB62-BA3135F9FBD2}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |

"{19C4BC17-E139-4826-A211-5DE323BC5D41}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |

"{213180BA-0092-42F9-A7C4-88FBA4F9E0B5}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |

"{2C81CB51-BEEC-46C7-B755-98227FCDD93C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{2D3FB102-3EB9-4988-980A-2FE17BFC7CC6}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |

"{38EEB3A0-4499-40AE-B87A-A45D8C8C8159}" = protocol=6 | dir=in | app=c:\windows\system32\lmabcoms.exe |

"{3F7C2924-2322-4D62-A08B-7F6A7AD5888D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{40753C2F-0C05-413E-A562-3B2B308F5C58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{40A0C555-8B23-4927-9B62-14678F275900}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |

"{420B7D91-6CDD-439E-BA49-1AEA8A618646}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{576920DC-E9B3-4ABC-938E-6488764A6865}" = protocol=17 | dir=in | app=c:\program files\lexmark\errorapp\lmab1err.exe |

"{58FDE5A2-A2BE-4877-8E4A-1E4A2AE1F000}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{59A591C3-69DD-469D-B487-5A6A551621BD}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{5C83E776-6FAA-4CE0-B26F-FFB35B4AEADF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{637BE7FF-3636-4A7C-8804-F81DBA339E15}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |

"{73D3736B-609B-4F6E-81A1-14BA4623CC19}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |

"{73F83B69-2A43-4C11-9345-2F121AFDAD1E}" = dir=in | app=c:\program files\itunes\itunes.exe |

"{7DE2A1FC-1BD4-4922-91F9-D7B686162850}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |

"{8B2C684D-81F7-4B91-9A3A-A8C33867DCE3}" = protocol=17 | dir=in | app=c:\windows\system32\lmabcoms.exe |

"{8FF1D056-362B-463E-BEF1-F735C6230A84}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |

"{922ED7BA-20AE-4269-98C0-440BEEF04218}" = protocol=6 | dir=in | app=c:\program files\lexmark\errorapp\lmab1err.exe |

"{964A9B5D-1611-435E-ABE1-D21DC11CD10B}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |

"{9D31C976-AA2B-4067-8113-D6177502EF79}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |

"{A1BA38E7-D353-4384-91D8-354533B40F49}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

"{B8FA7272-FEE9-4F73-B892-16F69881076F}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |

"{C2CB2162-8661-4DA6-B99B-F2B9AA806ACA}" = protocol=6 | dir=in | app=c:\windows\system32\lmabcoms.exe |

"{CC4C1A3D-6983-43B8-AE21-AA280A88B9D0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\left 4 dead 2\left4dead2.exe |

"{CD273E49-EF6B-42DF-BB1E-7E2A88510051}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |

"{F335F080-8C8B-474B-BF4C-3E266CAD38E8}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |

"{F688E93F-B257-4817-9DC0-FD4F09563566}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{FCFCBCD5-65FB-40A6-AE1C-2340357AFFBD}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |

"TCP Query User{142F4E60-FE0F-4D68-BA66-B22B4329ED6E}C:\program files\desktopalert\desktopalert.exe" = protocol=6 | dir=in | app=c:\program files\desktopalert\desktopalert.exe |

"TCP Query User{189D54E4-8D34-4CDA-88D1-F3144A9F5274}C:\program files\microsoft office communicator\communicator.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |

"TCP Query User{2E24F9AB-D602-48FB-9022-058FB23A2DF9}C:\program files\vbrick\streamplayerplus\streamplayerplus.exe" = protocol=6 | dir=in | app=c:\program files\vbrick\streamplayerplus\streamplayerplus.exe |

"TCP Query User{419C2DF9-C4D6-4680-9E3B-BC2547BCFB0C}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |

"TCP Query User{46F5F789-7677-47EA-B7D4-DAE384FF2E8D}C:\program files\aim\aim.exe" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |

"TCP Query User{596C33C3-38D9-4891-958F-52020469B570}C:\program files\vbrick\streamplayerplus\streamplayerplus.exe" = protocol=6 | dir=in | app=c:\program files\vbrick\streamplayerplus\streamplayerplus.exe |

"TCP Query User{6C25F48D-432B-4AF1-8CA8-8D94C00B4B15}C:\program files\desktopalert\desktopalert.exe" = protocol=6 | dir=in | app=c:\program files\desktopalert\desktopalert.exe |

"TCP Query User{6F02195F-90DB-488C-97BA-0DC636E4A5B4}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"TCP Query User{A44DEDD5-7F9B-42BB-B390-68DAFC96C5B6}C:\program files\microsoft office communicator\communicator.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |

"TCP Query User{AF472664-3E0F-48EA-B4CC-11E4DDCDAAE1}C:\program files\desktopalert\desktopalert.exe" = protocol=6 | dir=in | app=c:\program files\desktopalert\desktopalert.exe |

"UDP Query User{620A86A9-2FA3-4AF3-B5F7-7D2B7A70BDC0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |

"UDP Query User{758F0F01-02CF-49E9-86C2-99F7DC77A8CC}C:\program files\desktopalert\desktopalert.exe" = protocol=17 | dir=in | app=c:\program files\desktopalert\desktopalert.exe |

"UDP Query User{82A72DB7-CB1E-49BA-879B-259951BCE114}C:\program files\vbrick\streamplayerplus\streamplayerplus.exe" = protocol=17 | dir=in | app=c:\program files\vbrick\streamplayerplus\streamplayerplus.exe |

"UDP Query User{87627146-266D-40BA-96A5-B0B80F3450A9}C:\program files\microsoft office communicator\communicator.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |

"UDP Query User{9B317246-FA0F-457F-81A9-197F8996302C}C:\program files\desktopalert\desktopalert.exe" = protocol=17 | dir=in | app=c:\program files\desktopalert\desktopalert.exe |

"UDP Query User{9EA1F7EA-6C73-432A-A176-A4B93DCFDA1F}C:\program files\vbrick\streamplayerplus\streamplayerplus.exe" = protocol=17 | dir=in | app=c:\program files\vbrick\streamplayerplus\streamplayerplus.exe |

"UDP Query User{B3B3EC02-29E0-4BDD-9E3A-AF0653A1A4E7}C:\program files\microsoft office communicator\communicator.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office communicator\communicator.exe |

"UDP Query User{D702A960-06E2-4D56-BD85-244D77D7162A}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

"UDP Query User{E24C1367-22F8-46E6-9B09-4DBB9F080561}C:\program files\desktopalert\desktopalert.exe" = protocol=17 | dir=in | app=c:\program files\desktopalert\desktopalert.exe |

"UDP Query User{EA2F487C-DC7E-4447-A25D-4D970386A19D}C:\program files\aim\aim.exe" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{0768D7D7-0D13-4740-9684-A42CCF095BA4}" = Tumbleweed Desktop Validator

"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data

"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3

"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5

"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise

"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools

"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client

"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java 6 Update 23

"{29EB04A2-633C-40BE-9673-12DE7360C04E}" = ApproveIt Desktop 5.9

"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH R5U241 / R5C847 Media Driver ver.2.04.01.00

"{2F5AEC7C-8B46-4807-8DC1-0BFA072C151C}" = VBrick StreamPlayerPlus

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{32A3A4F4-B792-11D6-A78A-00B0D0160130}" = Java SE Development Kit 6 Update 13

"{3AB4E8CB-3321-4D43-8A59-885338A6EBF9}" = STATISTICA 8.0.725.0 CS

"{3ED749F6-135B-4559-8936-15FF6979F67E}" = VC8 C Runtime

"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth

"{44D21B77-D4FC-49E8-A726-CD00D5016703}" = DBsign Web Signer

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers

"{52468FB8-50D0-41F9-AFC7-6BD0DA224A6B}" = SMS Client Setup Bootstrap

"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{58D379F7-62BC-4748-8237-FE071ECE797C}" = Microsoft SQL Server 2005 Tools

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX

"{6D9EB40B-26F9-450F-8FDD-A54B39FF6071}" = Mozilla Firefox (en-US)

"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{7396F7C8-EDD8-4473-BF6A-2CE4996716E1}" = JavaFX 1.1 SDK

"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio

"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}" = iTunes

"{81860953-8A77-4ED5-B57C-F35D703D9489}" = Dell ControlVault Host Components Installer

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C363CB9-9F31-4349-8491-762C42D3FDFB}" = CambridgeSoft Desktop Inventory 12.0

"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner

"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0045-0000-0000-0000000FF1CE}" = Microsoft Expression Web 2

"{90120000-0045-0000-0000-0000000FF1CE}_XWeb_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0045-0409-0000-0000000FF1CE}" = Microsoft Expression Web 2 MUI (English)

"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007

"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)

"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007

"{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00B2-0409-0000-0000000FF1CE}" = Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6

"{998D6972-F58E-479D-9248-8F179E55AE38}" = Java DB 10.4.1.3

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A1E1083D-249D-483C-AD92-CDCFA230A4C7}" = STATISTICA CambridgeSoft Integration

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC194855-F7AC-4D04-B4C9-07BA46FCB697}" = ActivClient CAC 6.1 x86

"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework

"{B0F9497C-52B4-4686-8E73-74D866BBDF59}" = Microsoft SQL Server 2005 (CSSQL05)

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support

"{B639A4DE-A375-47D3-89C3-DDCF98D992F7}" = McAfee Agent

"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy

"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client

"{BE5AD430-9E0C-4243-AB3F-593835869855}" = Microsoft Office Communicator 2005

"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support

"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup

"{CB69F592-2101-4CF4-88D1-825CC4FB0979}" = RAPTOR

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D06EF6C2-62D8-4308-897E-B20FE81712B4}" = CambridgeSoft ChemBioOffice Ultra 2010

"{D6044256-A309-43B5-9833-D3FAFE2AD24D}" = MagicTune Premium

"{DCC90D9D-4F8D-4A06-9050-ADDB284FF9FA}" = Adobe Flash Player 10 ActiveX

"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag

"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5

"{E145D9BE-D521-4527-A85D-2B2D47725506}" = CambridgeSoft ChemScript 12.0

"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio

"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client

"{ECE4289B-68C8-4D30-9C65-84CC2052CCFF}" = CambridgeSoft BioAssay 12.0

"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F596E368-2A1D-4896-AB37-C81BFA4DD011}" = CambridgeSoft ENotebook 12.0.1

"{F972403C-BFE4-49EB-82B8-10D0FDBD1BB1}" = VirtualDJ Home FREE

"{FB9607C0-17B8-42B8-BB99-A1C9F7038363}" = Wolfram Notebook Indexer 2.0

"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 4.65

"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)

"AC3Filter_is1" = AC3Filter 1.63b

"Adobe Audition 3.0" = Adobe Audition 3.0

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"AIM_7" = AIM 7

"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1

"ENTERPRISE" = Microsoft Office Enterprise 2007

"GOM Player" = GOM Player

"Guitar Pro 5_is1" = Guitar Pro 5.2

"HTMLKit_is1" = HTML-Kit

"Juniper Odyssey Access Client" = Juniper Odyssey Access Client 5.1

"KEY 5.1" = KEY 5.1

"Lexmark_HostCD" = Lexmark Software Uninstall

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MestReNova LITE" = MestReNova LITE 5.2.5-4731

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"M-WIN-P 7.0.1 1213966_is1" = Wolfram Mathematica 7 (M-WIN-P 7.0.1 1213966)

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Plants vs. Zombies" = Plants vs. Zombies

"PROSet" = Intel® Network Connections Drivers

"RealPlayer 12.0" = RealPlayer

"SoftwareUpdUtility" = Download Updater (AOL LLC)

"StarCraft II" = StarCraft II

"STATNOVAPDF_is1" = STATNOVAPDF (novaPDF Professional Server 5.4 printer)

"Steam App 240" = Counter-Strike: Source

"Steam App 550" = Left 4 Dead 2

"USMA Desktop Alert System" = USMA Desktop Alert System 2.1.1.1

"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions

"VISPRO" = Microsoft Office Visio Professional 2007

"VLC media player" = VLC media player 1.1.7

"XWeb" = Microsoft Expression Web 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

"IT105 Editor" = IT105 Editor

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 4/17/2011 12:12:55 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1010

Description =

Error - 4/17/2011 12:12:55 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1008

Description =

Error - 4/19/2011 10:56:16 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1008

Description =

Error - 4/19/2011 10:56:16 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1010

Description =

Error - 4/19/2011 10:56:17 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1008

Description =

Error - 4/20/2011 6:05:17 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Windows Search Service | ID = 3024

Description =

Error - 4/20/2011 6:14:32 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Windows Search Service | ID = 3024

Description =

Error - 4/21/2011 6:48:10 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1008

Description =

Error - 4/21/2011 6:48:10 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1010

Description =

Error - 4/21/2011 6:48:11 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Perflib | ID = 1008

Description =

[ OSession Events ]

Error - 5/16/2011 9:11:45 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 5106

seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]

Error - 10/8/2010 8:42:18 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = DCOM | ID = 10016

Description =

Error - 10/8/2010 8:42:34 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Application Management Group Policy | ID = 103

Description = The removal of the assignment of application ERACENT8 from policy

DEAN-SOFTWARE-ERACENT8 failed. The error was : %2

Error - 10/8/2010 8:42:39 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Application Management Group Policy | ID = 103

Description = The removal of the assignment of application ERACENT8 from policy

DEAN-SOFTWARE-ERACENT8 failed. The error was : %2

Error - 10/8/2010 9:18:29 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = PlugPlayManager | ID = 12

Description = The device 'TSSTcorp DVD+-RW TS-U633F' (IDE\CdRomTSSTcorp_DVD+-RW_TS-U633F_______________D200____\4&a35d0c1&0&0.1.0)

disappeared from the system without first being prepared for removal.

Error - 10/8/2010 9:42:53 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = PlugPlayManager | ID = 12

Description = The device 'TSSTcorp DVD+-RW TS-U633F' (IDE\CdRomTSSTcorp_DVD+-RW_TS-U633F_______________D200____\4&a35d0c1&0&0.1.0)

disappeared from the system without first being prepared for removal.

Error - 10/8/2010 9:50:50 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Microsoft-Windows-GroupPolicy | ID = 1129

Description = The processing of Group Policy failed because of lack of network connectivity

to a domain controller. This may be a transient condition. A success message would

be generated once the machine gets connected to the domain controller and Group

Policy has succesfully processed. If you do not see a success message for several

hours, then contact your administrator.

Error - 10/8/2010 10:03:50 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = PlugPlayManager | ID = 12

Description = The device 'TSSTcorp DVD+-RW TS-U633F' (IDE\CdRomTSSTcorp_DVD+-RW_TS-U633F_______________D200____\4&a35d0c1&0&0.1.0)

disappeared from the system without first being prepared for removal.

Error - 10/8/2010 10:14:45 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Application Management Group Policy | ID = 103

Description = The removal of the assignment of application ERACENT8 from policy

DEAN-SOFTWARE-ERACENT8 failed. The error was : %2

Error - 10/8/2010 10:26:06 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = PlugPlayManager | ID = 12

Description = The device 'TSSTcorp DVD+-RW TS-U633F' (IDE\CdRomTSSTcorp_DVD+-RW_TS-U633F_______________D200____\4&a35d0c1&0&0.1.0)

disappeared from the system without first being prepared for removal.

Error - 10/8/2010 11:52:53 AM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = DCOM | ID = 10016

Description =

[ Tumbleweed Events ]

Error - 6/22/2011 6:50:32 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1

Description = Certificate Revocation Status Calling Application: mctray.exe Certificate

Name: /C=US/ST=California/L=Santa Clara/O=McAfee, Inc./OU=Digital ID Class 3 -

Microsoft Software Validation v2/OU=IIS/CN=McAfee, Inc. Certificate Issuer: /C=US/O=VeriSign,

Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa

(c)04/CN=VeriSign Class 3 Code Signing 2004 CA Certificate Serial Number: 564A361E168A81A8F3EFAADA332508E1

Revocation

Status: Unable to verify Validation Protocol: CRL Validation Url: http://CSC3-2004-crl.verisign.com/CSC3-2004.crl

Error:

Communication error - unable to connect

Error - 6/22/2011 6:50:36 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1

Description = Certificate Revocation Status Calling Application: mctray.exe Certificate

Name: /C=US/ST=California/L=Santa Clara/O=McAfee, Inc./OU=Digital ID Class 3 -

Microsoft Software Validation v2/OU=IIS/CN=McAfee, Inc. Certificate Issuer: /C=US/O=VeriSign,

Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa

(c)04/CN=VeriSign Class 3 Code Signing 2004 CA Certificate Serial Number: 354D1AC920ADBF81F21B7CB77AE98480

Revocation

Status: Unable to verify Validation Protocol: CRL Validation Url: http://CSC3-2004-crl.verisign.com/CSC3-2004.crl

Error:

Communication error - unable to connect

Error - 6/23/2011 9:14:45 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1

Description = Certificate Revocation Status Calling Application: mctray.exe Certificate

Name: /C=US/ST=California/L=Santa Clara/O=McAfee, Inc./OU=Digital ID Class 3 -

Microsoft Software Validation v2/OU=IIS/CN=McAfee, Inc. Certificate Issuer: /C=US/O=VeriSign,

Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa

©04/CN=VeriSign Class 3 Code Signing 2004 CA Certificate Serial Number: 564A361E168A81A8F3EFAADA332508E1

Revocation

Status: Unable to verify Validation Protocol: CRL Validation Url: http://CSC3-2004-crl.verisign.com/CSC3-2004.crl

Error:

Communication error - unable to connect

Error - 6/23/2011 9:14:50 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1

Description = Certificate Revocation Status Calling Application: mctray.exe Certificate

Name: /C=US/ST=California/L=Santa Clara/O=McAfee, Inc./OU=Digital ID Class 3 -

Microsoft Software Validation v2/OU=IIS/CN=McAfee, Inc. Certificate Issuer: /C=US/O=VeriSign,

Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa

©04/CN=VeriSign Class 3 Code Signing 2004 CA Certificate Serial Number: 354D1AC920ADBF81F21B7CB77AE98480

Revocation

Status: Unable to verify Validation Protocol: CRL Validation Url: http://CSC3-2004-crl.verisign.com/CSC3-2004.crl

Error:

Communication error - unable to connect

Error - 6/25/2011 4:43:25 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1

Description = Certificate Revocation Status Calling Application: pctssvc.exe Certificate

Name: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa

©09/CN=VeriSign Class 3 Code Signing 2009 CA Certificate Issuer: /C=US/O=VeriSign,

Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=© 1998 VeriSign,

Inc. - For authorized use only/OU=VeriSign Trust Network Certificate Serial Number:

2EAEB6828663FED97555F8FE24F33B1A Revocation Status: Unable to verify Error: Issuer

and user certificate akid mismatch.

Error - 6/25/2011 4:54:53 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1

Description = Certificate Revocation Status Calling Application: pctssvc.exe Certificate

Name: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=Terms of use at https://www.verisign.com/rpa

©09/CN=VeriSign Class 3 Code Signing 2009 CA Certificate Issuer: /C=US/O=VeriSign,

Inc./OU=Class 3 Public Primary Certification Authority - G2/OU=© 1998 VeriSign,

Inc. - For authorized use only/OU=VeriSign Trust Network Certificate Serial Number:

2EAEB6828663FED97555F8FE24F33B1A Revocation Status: Unable to verify Error: Issuer

and user certificate akid mismatch.

Error - 6/25/2011 5:00:04 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1

Description = Certificate Revocation Status Calling Application: pctssvc.exe Certificate

Name: /C=US/O=Thawte, Inc./CN=Thawte Code Signing CA - G2 Certificate Issuer: /C=US/O=thawte,

Inc./OU=Certification Services Division/OU=© 2006 thawte, Inc. - For authorized

use only/CN=thawte Primary Root CA Certificate Serial Number: 47974D7873A5BCAB0D2FB370192FCE5E

Revocation

Status: Unable to verify Validation Protocol: CRL Validation Url: http://crl.thawte.com/ThawtePCA.crl

Error:

Communication error - unable to connect

Error - 6/25/2011 5:00:04 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1

Description = Certificate Revocation Status Calling Application: pctssvc.exe Certificate

Name: /C=US/O=Thawte, Inc./CN=Thawte Code Signing CA - G2 Certificate Issuer: /C=US/O=thawte,

Inc./OU=Certification Services Division/OU=© 2006 thawte, Inc. - For authorized

use only/CN=thawte Primary Root CA Certificate Serial Number: 47974D7873A5BCAB0D2FB370192FCE5E

Revocation

Status: Unable to verify Validation Protocol: CRL Validation Url: C:\Program Files\Tumbleweed\Desktop

Validator\crls\7B5B45CFAFCECB7AFD31921A6AB6F346EB5748500DD9EAE3ADDB804D2BEF610A47FDFCE0D7C70122\latest.crl

Revocation

information expired

Error - 6/25/2011 5:00:04 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1

Description = Certificate Revocation Status Calling Application: pctssvc.exe Certificate

Name: /C=US/ST=California/L=Mountain View/O=Mozilla Corporation/OU=Release Engineering/CN=Mozilla

Corporation Certificate Issuer: /C=US/O=Thawte, Inc./CN=Thawte Code Signing CA -

G2 Certificate Serial Number: 36E4119288CB154660F7674908EA6B87 Revocation Status:

Unable to verify Validation Protocol: CRL Validation Url: http://cs-g2-crl.thawte.com/ThawteCSG2.crl

Error:

Communication error - unable to connect

Error - 6/25/2011 5:00:04 PM | Computer Name = USMANBUx32285.usma.ds.army.edu | Source = Desktop Validator | ID = 1

Description = Certificate Revocation Status Calling Application: pctssvc.exe Certificate

Name: /C=US/ST=California/L=Mountain View/O=Mozilla Corporation/OU=Release Engineering/CN=Mozilla

Corporation Certificate Issuer: /C=US/O=Thawte, Inc./CN=Thawte Code Signing CA -

G2 Certificate Serial Number: 36E4119288CB154660F7674908EA6B87 Revocation Status:

Unable to verify Validation Protocol: CRL Validation Url: C:\Program Files\Tumbleweed\Desktop

Validator\crls\D40D653F7ABD34C6FE47E74C0DC0BDF2DE15AB71705654B6592D8793A3CF7583F13498AC94EDD449\latest.crl

Revocation

information expired

< End of report >


Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2011/06/23 23:51:51 | 000,000,000 | ---D | C] -- C:\Users\x32285\AppData\Local\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904}
    [2011/06/23 23:50:13 | 000,000,000 | ---D | C] -- C:\Users\x32285\AppData\Roaming\21AEFD647B86FC5B2209CFF4D06134BC
    [2011/06/25 16:28:33 | 000,000,000 | ---- | M] () -- C:\Users\x32285\AppData\Local\Dniyaduxoxu.bin
    [2011/06/23 23:51:52 | 000,000,120 | ---- | M] () -- C:\Users\x32285\AppData\Local\Gxuji.dat

    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.

================================Malwarebytes' Anti-Malware=================================

Please update\run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.

  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

================================Online scan=================================

ESET OnlineScan

  1. Click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  4. Check esetAcceptTerms.png
  5. Click the esetStart.png button.
  6. Accept any security warnings from your browser.
  7. Under scan settings, check esetScanArchives.png and check Remove found threats
  8. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push esetListThreats.png
  11. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the esetBack.png button.
  13. Push esetFinish.png


All processes killed

========== OTL ==========

C:\Users\x32285\AppData\Local\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904}\chrome\content folder moved successfully.

C:\Users\x32285\AppData\Local\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904}\chrome folder moved successfully.

C:\Users\x32285\AppData\Local\{BCFCBB43-E94E-468A-B15E-71ACDB4E6904} folder moved successfully.

C:\Users\x32285\AppData\Roaming\21AEFD647B86FC5B2209CFF4D06134BC folder moved successfully.

C:\Users\x32285\AppData\Local\Dniyaduxoxu.bin moved successfully.

C:\Users\x32285\AppData\Local\Gxuji.dat moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 40744899 bytes

->Temporary Internet Files folder emptied: 923713 bytes

->Java cache emptied: 54414690 bytes

->Flash cache emptied: 434 bytes

User: agm

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default

->Temp folder emptied: 40744899 bytes

->Temporary Internet Files folder emptied: 885393 bytes

->Java cache emptied: 54414690 bytes

->Flash cache emptied: 434 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

User: x26571

->Temp folder emptied: 40744899 bytes

->Temporary Internet Files folder emptied: 3764252 bytes

->Java cache emptied: 54414690 bytes

->Flash cache emptied: 434 bytes

User: x31673

->Temp folder emptied: 40744899 bytes

->Temporary Internet Files folder emptied: 42589947 bytes

->Java cache emptied: 54415662 bytes

->FireFox cache emptied: 41855442 bytes

->Flash cache emptied: 892 bytes

User: x31678

->Temp folder emptied: 40744899 bytes

->Temporary Internet Files folder emptied: 925503 bytes

->Java cache emptied: 54414690 bytes

->FireFox cache emptied: 4984379 bytes

->Flash cache emptied: 434 bytes

User: x32285

->Temp folder emptied: 40744899 bytes

->Temporary Internet Files folder emptied: 49922785 bytes

->Java cache emptied: 9573 bytes

->FireFox cache emptied: 55157120 bytes

->Google Chrome cache emptied: 189461078 bytes

->Flash cache emptied: 485 bytes

User: x49656

->Temp folder emptied: 40744899 bytes

->Temporary Internet Files folder emptied: 3152677 bytes

->Java cache emptied: 54414690 bytes

->Flash cache emptied: 434 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 90440 bytes

Session Manager Temp folder emptied: 655469 bytes

Session Manager Tmp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 960.00 mb

OTL by OldTimer - Version 3.2.24.1 log created on 07072011_150322

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
