
Leftover from Google redirect



I got the "Google Redirect" Virus and thought MBAM had it cleaned up. Here are 4 MBAM logs:

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7006

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

7/2/2011 11:50:07 PM

mbam-log-2011-07-02 (23-50-07).txt

Scan type: Full scan (C:\|)

Objects scanned: 370605

Time elapsed: 56 minute(s), 41 second(s)

Memory Processes Infected: 2

Memory Modules Infected: 1

Registry Keys Infected: 5

Registry Values Infected: 4

Registry Data Items Infected: 1

Folders Infected: 0

Files Infected: 9

Memory Processes Infected:

c:\documents and settings\linda lavin\application data\dwm.exe (Trojan.Backdoor.Gen) -> 6988 -> Unloaded process successfully.

c:\documents and settings\linda lavin\application data\microsoft\conhost.exe (Spyware.Passwords.XGen) -> 5924 -> Unloaded process successfully.

Memory Modules Infected:

c:\WINDOWS\SYSTEM32\ati3duag32.dll (Trojan.Tracur.PGen) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{01F21FCE-AD62-4DF9-AF14-4A76386DDA4a} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F21FCE-AD62-4DF9-AF14-4A76386DDA4A} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{01F21FCE-AD62-4DF9-AF14-4A76386DDA4A} (Trojan.Tracur.PGen) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} (Adware.EBates) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Spyware.Passwords.XGen) -> Value: conhost -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Value: load -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Backdoor.Gen) -> Bad: (C:\DOCUME~1\LINDAL~1\LOCALS~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\WINDOWS\SYSTEM32\ati3duag32.dll (Trojan.Tracur.PGen) -> Delete on reboot.

c:\documents and settings\linda lavin\application data\dwm.exe (Trojan.Backdoor.Gen) -> Delete on reboot.

c:\Documents and Settings\Linda Lavin\Local Settings\Temp\csrss.exe (Trojan.Backdoor.Gen) -> Delete on reboot.

c:\documents and settings\linda lavin\application data\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Delete on reboot.

c:\documents and settings\linda lavin\local settings\Temp\0.5559637066710065.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\WINDOWS\SYSTEM32\020000006c34146f1367c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\SYSTEM32\020000006c34146f1367o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\SYSTEM32\020000006c34146f1367p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\WINDOWS\SYSTEM32\020000006c34146f1367s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

**********************

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7006

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.13

7/3/2011 1:00:53 AM

mbam-log-2011-07-03 (01-00-53).txt

Scan type: Full scan (C:\|)

Objects scanned: 375650

Time elapsed: 45 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 6

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer (PUM.Bad.Proxy) -> Value: ProxyServer -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\RP121\A0029197.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\system volume information\_restore{987e0331-0f01-427c-a58a-7a2e4aabf84d}\RP121\A0029198.exe (Trojan.Backdoor.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\020000006c34146f1367c.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\020000006c34146f1367o.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\020000006c34146f1367p.manifest (Malware.Trace) -> Quarantined and deleted successfully.

c:\documents and settings\networkservice\application data\020000006c34146f1367s.manifest (Malware.Trace) -> Quarantined and deleted successfully.

***************************

Now today I found an ! in device manager next to the non plug and play driver partmgr that had a code 24.

I have boot logging turned on. Here are 3 partial entries since the infection and one from before when I think I was clean. Notice the 5th load from the 7/2, 7/3 and the 7/17 entry:

Service Pack 3 7 17 2011 00:31:58.375

Loaded driver \WINDOWS\system32\ntoskrnl.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver yljjqyp.sys

Loaded driver ACPI.sys

Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS

Loaded driver pci.sys

Loaded driver isapnp.sys

Loaded driver ohci1394.sys

Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS

Loaded driver compbatt.sys

Loaded driver \WINDOWS\System32\DRIVERS\BATTC.SYS

Loaded driver pciide.sys

Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver dmload.sys

Loaded driver dmio.sys

Loaded driver PartMgr.sys

Loaded driver VolSnap.sys

Loaded driver atapi.sys

Loaded driver disk.sys

Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

Loaded driver fltmgr.sys

Loaded driver sr.sys

Loaded driver PxHelp20.sys

Loaded driver KSecDD.sys

Loaded driver eufs.sys

Loaded driver Ntfs.sys

Loaded driver NDIS.sys

Loaded driver timntr.sys

Loaded driver Gernuwa.sys

Loaded driver tdrpman.sys

Loaded driver snapman.sys

Loaded driver Mup.sys

Loaded driver EUBKMON.sys

Loaded driver agp440.sys

*******************

Service Pack 3 7 3 2011 01:02:23.375

Loaded driver \WINDOWS\system32\ntoskrnl.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver slffe.sys

Loaded driver ACPI.sys

Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS

Loaded driver pci.sys

Loaded driver isapnp.sys

Loaded driver ohci1394.sys

Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS

Loaded driver compbatt.sys

Loaded driver \WINDOWS\System32\DRIVERS\BATTC.SYS

Loaded driver pciide.sys

Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver dmload.sys

Loaded driver dmio.sys

Loaded driver PartMgr.sys

Loaded driver VolSnap.sys

Loaded driver atapi.sys

Loaded driver disk.sys

Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

Loaded driver fltmgr.sys

Loaded driver sr.sys

Loaded driver PxHelp20.sys

Loaded driver KSecDD.sys

Loaded driver Ntfs.sys

Loaded driver NDIS.sys

Loaded driver timntr.sys

Loaded driver Gernuwa.sys

Loaded driver tdrpman.sys

Loaded driver snapman.sys

Loaded driver Mup.sys

Loaded driver agp440.sys

*****************************

Service Pack 3 7 2 2011 23:52:55.375

Loaded driver \WINDOWS\system32\ntoskrnl.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver voblhqjb.sys

Loaded driver ACPI.sys

Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS

Loaded driver pci.sys

Loaded driver isapnp.sys

Loaded driver ohci1394.sys

Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS

Loaded driver compbatt.sys

Loaded driver \WINDOWS\System32\DRIVERS\BATTC.SYS

Loaded driver pciide.sys

Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver dmload.sys

Loaded driver dmio.sys

Loaded driver PartMgr.sys

Loaded driver VolSnap.sys

Loaded driver atapi.sys

Loaded driver disk.sys

Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

Loaded driver fltmgr.sys

Loaded driver sr.sys

Loaded driver PxHelp20.sys

Loaded driver KSecDD.sys

Loaded driver Ntfs.sys

Loaded driver NDIS.sys

Loaded driver timntr.sys

Loaded driver Gernuwa.sys

Loaded driver tdrpman.sys

Loaded driver snapman.sys

Loaded driver Mup.sys

Loaded driver agp440.sys

********************

Service Pack 3 6 12 2011 12:32:59.375

Loaded driver \WINDOWS\system32\ntoskrnl.exe

Loaded driver \WINDOWS\system32\hal.dll

Loaded driver \WINDOWS\system32\KDCOM.DLL

Loaded driver \WINDOWS\system32\BOOTVID.dll

Loaded driver ACPI.sys

Loaded driver \WINDOWS\system32\DRIVERS\WMILIB.SYS

Loaded driver pci.sys

Loaded driver isapnp.sys

Loaded driver ohci1394.sys

Loaded driver \WINDOWS\system32\DRIVERS\1394BUS.SYS

Loaded driver compbatt.sys

Loaded driver \WINDOWS\System32\DRIVERS\BATTC.SYS

Loaded driver pciide.sys

Loaded driver \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

Loaded driver MountMgr.sys

Loaded driver ftdisk.sys

Loaded driver dmload.sys

Loaded driver dmio.sys

Loaded driver PartMgr.sys

Loaded driver VolSnap.sys

Loaded driver atapi.sys

Loaded driver disk.sys

Loaded driver \WINDOWS\System32\DRIVERS\CLASSPNP.SYS

Loaded driver fltmgr.sys

Loaded driver sr.sys

Loaded driver PxHelp20.sys

Loaded driver KSecDD.sys

Loaded driver Ntfs.sys

Loaded driver NDIS.sys

Loaded driver timntr.sys

Loaded driver Gernuwa.sys

Loaded driver tdrpman.sys

Loaded driver snapman.sys

Loaded driver Mup.sys

Loaded driver agp440.sys

*************************

Sorry for posting so much, but I wanted to give you as much info as I could.

Hopefully you can help me get this thing cleaned up once and for all.

Thanks, Alice

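The comparison the original poster makes by eye (a driver in the fifth load slot whose name differs on 7/2, 7/3 and 7/17 and is absent on 6/12) can be automated against a known-clean boot. This is an added example, not part of any post in the thread; the sample is abbreviated from the boot-log entries above, and the function names are hypothetical.

```python
import re

# Abbreviated from the boot-log entries posted above: the first drivers of each
# boot plus the two extra drivers seen only on 7/17. Not a complete ntbtlog.txt.
SAMPLE_NTBTLOG = r"""
Service Pack 3 6 12 2011 12:32:59.375
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver ACPI.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver Mup.sys
Service Pack 3 7 2 2011 23:52:55.375
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver voblhqjb.sys
Loaded driver ACPI.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver Mup.sys
Service Pack 3 7 3 2011 01:02:23.375
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver slffe.sys
Loaded driver ACPI.sys
Loaded driver KSecDD.sys
Loaded driver Ntfs.sys
Loaded driver Mup.sys
Service Pack 3 7 17 2011 00:31:58.375
Loaded driver \WINDOWS\system32\ntoskrnl.exe
Loaded driver \WINDOWS\system32\hal.dll
Loaded driver \WINDOWS\system32\KDCOM.DLL
Loaded driver \WINDOWS\system32\BOOTVID.dll
Loaded driver yljjqyp.sys
Loaded driver ACPI.sys
Loaded driver KSecDD.sys
Loaded driver eufs.sys
Loaded driver Ntfs.sys
Loaded driver Mup.sys
Loaded driver EUBKMON.sys
"""

# Section header as it appears in the post: "Service Pack 3 <month> <day> <year> <time>"
HEADER = re.compile(r"^Service Pack \d+ (\d+) (\d+) (\d{4}) (\d\d:\d\d:\d\d)")
LOADED = re.compile(r"^Loaded driver (.+)$")


def parse_boots(text):
    """Split boot-log text into [(timestamp, [driver base names in load order])]."""
    boots = []
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            month, day, year, clock = header.groups()
            stamp = f"{year}-{int(month):02d}-{int(day):02d} {clock}"
            boots.append((stamp, []))
            continue
        loaded = LOADED.match(line)
        if loaded and boots:
            # The log mixes full paths and bare names, in mixed case:
            # compare on the lower-cased file name only.
            boots[-1][1].append(loaded.group(1).rsplit("\\", 1)[-1].lower())
    return boots


def unknown_drivers(boots, baseline_stamp):
    """Return {stamp: [(load position, name)]} for drivers absent from the baseline boot."""
    known = {stamp: set(drivers) for stamp, drivers in boots}[baseline_stamp]
    return {
        stamp: [(pos, name) for pos, name in enumerate(drivers, 1) if name not in known]
        for stamp, drivers in boots
        if stamp != baseline_stamp
    }


def rotating_slots(unknown):
    """Load positions where several boots show an unknown driver under a different name each time.

    Positions are compared as-is, so a legitimate driver added earlier in the
    load order would shift every later slot; early slots are the most reliable.
    """
    by_pos = {}
    for stamp, items in unknown.items():
        for pos, name in items:
            by_pos.setdefault(pos, {})[stamp] = name
    return {
        pos: names
        for pos, names in by_pos.items()
        if len(names) > 1 and len(set(names.values())) == len(names)
    }


if __name__ == "__main__":
    boots = parse_boots(SAMPLE_NTBTLOG)
    unknown = unknown_drivers(boots, "2011-06-12 12:32:59")
    for pos, names in sorted(rotating_slots(unknown).items()):
        print(f"load slot {pos}: name changes every boot, investigate")
        for stamp, name in sorted(names.items()):
            print(f"  {stamp}  {name}")
```

Drivers that are new but keep one name, such as eufs.sys and EUBKMON.sys here, show up in `unknown_drivers` but not in `rotating_slots`, and can be checked against installed software separately.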

Hi, welcome!

Before we begin, I would like to make a few things clear so that we can fix your problem as efficiently as possible:

  • Be sure to follow all my instructions carefully! If there is anything you don't understand, don't hesitate to ask.
  • Please do not do anything or perform other steps unless I have asked you to do so.
  • Please make sure you post all logs I ask you to, and make sure that the entire log gets posted.

Step 1

Download aswMBR.exe ( 1.8mb ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


Step 2

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post both logs

Things I would like to see in your reply:

  • aswMBR log
  • OTL.txt and Extras.txt


I ran aswMBR here is the log. I did not install the Avast Anti-virus for aswMbr because your post did not say to do so. I have to post the OTL in a separate post because it said my post was too long.

aswMBR version 0.9.7.777 Copyright© 2011 AVAST Software

Run date: 2011-07-18 22:26:24

-----------------------------

22:26:24.046 OS Version: Windows 5.1.2600 Service Pack 3

22:26:24.046 Number of processors: 2 586 0x209

22:26:24.046 ComputerName: LINDAHOME UserName:

22:26:25.468 Initialize success

22:28:49.875 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3

22:28:49.875 Disk 0 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3

22:28:49.875 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-e

22:28:49.890 Disk 1 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3

22:28:49.890 Disk 1 MBR read successfully

22:28:49.890 Disk 1 MBR scan

22:28:49.890 Disk 1 Windows XP default MBR code

22:28:49.906 Disk 1 scanning sectors +976768065

22:28:49.968 Disk 1 scanning C:\WINDOWS\system32\drivers

22:28:57.921 Service scanning

22:28:58.843 Disk 1 trace - called modules:

22:28:58.859 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS

22:28:58.859 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8b0c9ab8]

22:28:58.859 3 CLASSPNP.SYS[f7667fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-e[0x8b0cdd98]

22:28:58.859 Scan finished successfully

22:29:52.984 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Linda Lavin\Desktop\MBR.dat"

22:29:52.984 The log file has been saved successfully to "C:\Documents and Settings\Linda Lavin\Desktop\aswMBR.txt"


Here is the OTL log.

OTL logfile created on: 7/18/2011 10:31:45 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Linda Lavin\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.02% Memory free

5.85 Gb Paging File | 5.14 Gb Available in Paging File | 87.98% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.49 Gb Total Space | 410.66 Gb Free Space | 88.22% Space Free | Partition Type: NTFS

Drive F: | 298.09 Gb Total Space | 50.99 Gb Free Space | 17.11% Space Free | Partition Type: NTFS

Drive S: | 298.02 Gb Total Space | 156.81 Gb Free Space | 52.62% Space Free | Partition Type: FAT

Computer Name: LINDAHOME | User Name: Linda Lavin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 22:18:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda Lavin\Desktop\OTL.scr

PRC - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe

PRC - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

PRC - [2011/04/25 20:27:44 | 000,733,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe

PRC - [2011/04/22 18:26:18 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe

PRC - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe

PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/03/04 12:01:01 | 001,143,944 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\FighterSuiteService.exe

PRC - [2011/03/04 12:00:41 | 000,214,664 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\SPAMfighter\sfus.exe

PRC - [2011/03/04 12:00:36 | 000,843,400 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\SPAMfighter\sfagent.exe

PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe

PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2010/08/22 12:56:05 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2010/04/16 12:19:28 | 000,103,800 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe

PRC - [2010/04/15 15:32:14 | 000,091,504 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynTray.exe

PRC - [2010/04/01 14:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/03/02 12:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/02/24 11:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/01/14 23:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/10/20 21:12:04 | 001,712,128 | ---- | M] () -- c:\TAI\Basis\BASIS License Manager\basis.exe

PRC - [2009/10/20 21:12:04 | 001,500,424 | ---- | M] (Acresso Software Inc.) -- c:\TAI\Basis\BASIS License Manager\basis_lmgrd.exe

PRC - [2009/10/16 19:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe

PRC - [2009/10/16 19:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe

PRC - [2009/10/16 19:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

PRC - [2009/10/16 19:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe

PRC - [2008/11/03 16:46:54 | 000,221,765 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\SYSTEM32\ngvpnmgr.exe

PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/09/19 04:33:46 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

PRC - [2007/09/05 14:06:56 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe

PRC - [2007/01/09 17:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE

PRC - [2007/01/09 17:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE

PRC - [2007/01/09 17:32:02 | 000,058,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE

PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

PRC - [2005/12/08 18:12:08 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2005/05/28 09:06:18 | 000,819,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2004/08/30 23:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

PRC - [2003/12/11 06:09:34 | 000,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe

PRC - [2003/11/12 13:46:34 | 000,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe

PRC - [2003/10/31 11:01:00 | 000,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe

PRC - [2002/12/17 13:28:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

PRC - [2002/08/14 19:22:52 | 000,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe

PRC - [2002/07/01 09:50:00 | 000,028,672 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE

========== Modules (SafeList) ==========

MOD - [2011/07/18 22:18:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda Lavin\Desktop\OTL.scr

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2002/07/01 09:50:00 | 000,024,576 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL

========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)

SRV - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EASEUS Agent)

SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/03/04 12:01:01 | 001,143,944 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Fighters\FighterSuiteService.exe -- (Suite Service)

SRV - [2011/03/04 12:00:41 | 000,214,664 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Fighters\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)

SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/04/16 12:19:28 | 000,103,800 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)

SRV - [2010/04/01 14:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/02/24 11:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/10/20 21:12:04 | 001,500,424 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- c:\tai\basis\BASIS License Manager\basis_lmgrd.exe -- (basis_lmgrd)

SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2009/10/16 19:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)

SRV - [2008/11/03 16:46:54 | 000,221,765 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ngvpnmgr.exe -- (NgVpnMgr)

SRV - [2007/01/09 17:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2007/01/09 17:32:04 | 000,079,464 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2007/01/09 17:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

SRV - [2005/12/08 18:12:08 | 002,041,536 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2005/12/08 18:12:08 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2005/05/28 09:06:18 | 000,819,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2004/08/30 23:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)

SRV - [2004/08/30 23:50:38 | 000,181,416 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)

SRV - [2003/12/11 06:09:34 | 000,046,592 | R--- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\wdsvc.exe -- (RetroWDSvc)

SRV - [2003/11/12 13:46:34 | 000,110,592 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)

SRV - [2003/11/12 13:46:34 | 000,049,152 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)

SRV - [2003/10/31 11:01:00 | 000,106,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)

SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011/07/06 16:32:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2011/04/22 18:26:12 | 000,035,720 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)

DRV - [2011/04/22 18:26:08 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)

DRV - [2011/04/22 18:26:06 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\eudskacs.sys -- (EUDSKACS)

DRV - [2011/04/22 18:26:04 | 000,030,600 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)

DRV - [2011/04/22 18:26:02 | 000,187,528 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\eudisk.sys -- (EUDISK)

DRV - [2011/04/01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech Webcam C260(UVC)

DRV - [2011/04/01 05:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)

DRV - [2010/11/20 15:06:35 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2010/11/20 15:06:35 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)

DRV - [2010/11/20 15:06:26 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2010/11/20 15:06:20 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)

DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2010/03/01 11:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)

DRV - [2010/02/16 15:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)

DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)

DRV - [2009/05/11 13:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/11 16:19:00 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ivusb.sys -- (ivusb)

DRV - [2009/02/26 02:29:58 | 001,142,272 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)

DRV - [2009/02/13 15:02:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys -- (WDC_SAM)

DRV - [2008/11/03 16:46:14 | 000,023,192 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ngwfp.sys -- (NgWfp)

DRV - [2008/11/03 16:46:06 | 000,020,632 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ngfilter.sys -- (NgFilter)

DRV - [2008/11/03 16:46:00 | 000,077,464 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ngvpn.sys -- (NgVpn)

DRV - [2008/11/03 16:44:36 | 000,025,240 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nglog.sys -- (NgLog)

DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CT20XUT.DLL -- (CT20XUT.DLL)

DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTHWIUT.DLL -- (CTHWIUT.DLL)

DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)

DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)

DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)

DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)

DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)

DRV - [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2006/09/15 22:52:12 | 000,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2006/03/02 16:25:53 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon)

DRV - [2005/05/28 09:06:19 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)

DRV - [2005/01/10 06:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)

DRV - [2005/01/10 06:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)

DRV - [2004/08/30 23:38:36 | 000,081,748 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NPDRIVER.SYS -- (NPDriver)

DRV - [2004/08/30 23:23:22 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SdDriver.SYS -- (SDdriver)

DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)

DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)

DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)

DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)

DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)

DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)

DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)

DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)

DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)

DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)

DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/06/26 13:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vnccom.SYS -- (vnccom)

DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vncdrv.sys -- (vncdrv)

DRV - [2003/10/23 10:32:20 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AW_HOST5.sys -- (AW_HOST)

DRV - [2003/05/27 22:01:35 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)

DRV - [2003/05/27 22:01:35 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)

DRV - [2003/05/27 22:01:35 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)

DRV - [2003/05/27 22:01:35 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)

DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys -- (CVirtA)

DRV - [2003/04/21 14:08:44 | 000,010,901 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)

DRV - [2003/04/21 13:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)

DRV - [2002/12/17 13:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)

DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)

DRV - [2002/07/02 12:20:51 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.sys -- (LMouFlt2)

DRV - [2002/07/02 12:20:51 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LKbdFlt2.sys -- (LKbdFlt2)

DRV - [2002/07/02 12:20:50 | 000,050,830 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Pr2.sys -- (l8042pr2)

DRV - [2001/08/17 13:57:46 | 000,065,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s3legacy.sys -- (s3legacy)

DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)

DRV - [2000/07/18 10:18:54 | 000,029,820 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DLKRTS.sys -- (DLKRTS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 1F F2 01 62 AD F9 4D AF 14 4A 76 38 6D DA 4A [binary data]

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 1F F2 01 62 AD F9 4D AF 14 4A 76 38 6D DA 4A [binary data]

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 1F F2 01 62 AD F9 4D AF 14 4A 76 38 6D DA 4A [binary data]

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 1F F2 01 62 AD F9 4D AF 14 4A 76 38 6D DA 4A [binary data]

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

IE - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/

IE - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 1F F2 01 62 AD F9 4D AF 14 4A 76 38 6D DA 4A [binary data]

IE - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"

FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 61939

FF - prefs.js..network.proxy.type: 1

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Linda Lavin\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Linda Lavin\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/28 12:19:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/28 12:19:19 | 000,000,000 | ---D | M]

[2011/07/03 02:02:05 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions

[2011/07/03 14:47:31 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{906e9d5c-e3c6-4729-8eb7-402fdf2b8fe0}

[2005/02/05 15:09:55 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2011/07/03 14:47:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{d29daa06-b9d6-4819-92bd-ece899e9e387}

[2011/07/03 14:47:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{f0e3d082-2094-4394-b2f9-b7ee74fe2b4d}

O1 HOSTS File: ([2011/07/04 12:13:19 | 000,435,452 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 www.0scan.com

O1 - Hosts: 127.0.0.1 0scan.com

O1 - Hosts: 127.0.0.1 1000gratisproben.com

O1 - Hosts: 127.0.0.1 www.1000gratisproben.com

O1 - Hosts: 127.0.0.1 1001namen.com

O1 - Hosts: 127.0.0.1 www.1001namen.com

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 www.1-2005-search.com

O1 - Hosts: 127.0.0.1 1-2005-search.com

O1 - Hosts: 14987 more lines...

O2 - BHO: (no name) - {01F21FCE-AD62-4DF9-AF14-4A76386DDA4a} - No CLSID value found.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - No CLSID value found.

O3 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..\Toolbar\ShellBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.

O3 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..\Toolbar\WebBrowser: (no name) - {00000000-0008-5041-4354-0020E48020AF} - No CLSID value found.

O3 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.

O3 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [CTSysVol] C:\Program Files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)

O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)

O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )

O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()

O4 - HKLM..\Run: [seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)

O4 - HKLM..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)

O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE (Symantec Corporation)

O4 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005..\Run: [setDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..Trusted Domains: ([]msn in My Computer)

O15 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..Trusted Domains: basis.com ([www] http in Trusted sites)

O15 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..Trusted Domains: intuit.com ([]* in Trusted sites)

O15 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..Trusted Domains: TAICONSULTING.COM ([WEB] https in Trusted sites)

O15 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..Trusted Domains: turbotax.com ([]http in Trusted sites)

O15 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://us.creative.com/support/downloads/su/ocx/12119/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)

O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)

O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} http://www.powerleap.com/cab_files/InSPECS3_0.cab (InSPECS3_0 Control)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab (DLM Control)

O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} http://i1img.com/images/nocache/copilot/i1initialsetup1.0.0.5.cab (Reg Error: Key error.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108092747750 (WUWebControl Class)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://10.10.10.5/Remote/msrdp.cab (Microsoft RDP Client Control (redist))

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)

O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://k.itswv.net/inc/kaxRemote.dll (kasRmtHlp Class)

O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} http://igweb04.iamgame.com/java2/cabs/swing.cab (JFC Classes)

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Registry Information Class)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://jackpotcity.microgaming.com/jackpotcity/FlashAX.cab (FlashXControl Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} http://download.microsoft.com/download/a/3/7/a377aea1-7b14-4fa1-933c-43e657b37995/ProductIDGatherer.CAB (ProductIDGatherer.WindowsGatherer)

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab (ActiveDataObj Class)

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319 (QDiagHUpdateObj Class)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://us.creative.com/support/downloads/su/ocx/12119/CTPID.cab (Reg Error: Key error.)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Linda Lavin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Linda Lavin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/02/10 23:02:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/08/26 20:13:24 | 000,000,000 | ---D | M] - S:\autorun -- [ FAT ]

O32 - AutoRun File - [2008/02/25 11:30:42 | 000,000,054 | -H-- | M] () - S:\autorun.inf -- [ FAT ]

O33 - MountPoints2\##BIGJOE#PASSPORT\Shell - "" = AutoRun

O33 - MountPoints2\##BIGJOE#PASSPORT\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\##BIGJOE#PASSPORT\Shell\AutoRun\command - "" = S:\WDSetup.exe -- [2008/07/09 14:59:52 | 001,760,129 | ---- | M] (Western Digital Corporation )

O33 - MountPoints2\{08b769d0-4b45-11df-9f9f-00038a000015}\Shell - "" = AutoRun

O33 - MountPoints2\{08b769d0-4b45-11df-9f9f-00038a000015}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{08b769d0-4b45-11df-9f9f-00038a000015}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true

O33 - MountPoints2\{2f8f455b-3dbc-11df-9f89-00038a000015}\Shell - "" = AutoRun

O33 - MountPoints2\{2f8f455b-3dbc-11df-9f89-00038a000015}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{2f8f455b-3dbc-11df-9f89-00038a000015}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true

O33 - MountPoints2\{cfa5e381-e9be-11db-9ee1-00038a000015}\Shell - "" = AutoRun

O33 - MountPoints2\{cfa5e381-e9be-11db-9ee1-00038a000015}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{cfa5e381-e9be-11db-9ee1-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/07/18 22:18:55 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Linda Lavin\Desktop\OTL.scr

[2011/07/18 21:50:42 | 001,913,344 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Linda Lavin\Desktop\aswMBR.exe

[2011/07/09 21:18:08 | 000,000,000 | -HSD | C] -- C:\BOOT

[2011/07/09 21:18:00 | 000,187,528 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudisk.sys

[2011/07/09 21:18:00 | 000,020,744 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eufs.sys

[2011/07/09 21:18:00 | 000,014,216 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys

[2011/07/09 21:17:59 | 000,030,600 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys

[2011/07/09 21:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EASEUS Todo Backup 2.5.1

[2011/07/09 21:15:05 | 000,018,824 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe

[2011/07/09 21:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS

[2011/07/07 20:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Lavin\My Documents\pool

[2011/07/06 16:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2011/07/04 22:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax Business 2010

[2011/07/04 22:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010

[2011/07/04 17:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TweakNow RegCleaner 2011

[2011/07/04 17:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Lavin\Application Data\TweakNow RegCleaner 2011

[2011/07/04 15:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise PC Engineer

[2011/07/04 15:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Wise PC Engineer

[2011/07/03 17:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Lavin\My Documents\virus_redirector07022011

[2011/07/03 17:18:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Linda Lavin\Recent

[2011/07/03 14:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/03 14:15:14 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2011/07/03 05:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2011/07/03 02:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner

[2011/06/19 12:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe

[2011/06/19 12:03:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR

[2009/06/23 12:49:14 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/18 22:29:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Desktop\MBR.dat

[2011/07/18 22:18:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda Lavin\Desktop\OTL.scr

[2011/07/18 21:50:43 | 001,913,344 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Linda Lavin\Desktop\aswMBR.exe

[2011/07/18 21:49:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/18 15:03:23 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Desktop\6.3 T9.lnk

[2011/07/18 11:49:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/18 10:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/07/18 08:03:35 | 000,091,136 | ---- | M] () -- C:\WINDOWS\outlook.pst

[2011/07/18 07:55:40 | 000,002,525 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2011/07/18 04:55:34 | 000,480,768 | -HS- | M] () -- C:\{DD97ED8E-4481-4949-B70B-04DEAA7EBFA1}.CBM

[2011/07/18 04:55:34 | 000,004,096 | -HS- | M] () -- C:\{463CF13E-9FCE-46E4-A2DF-EF5EE05AB18A}.CBM

[2011/07/18 04:00:05 | 000,477,184 | -HS- | M] () -- C:\EUMONBMP.SYS

[2011/07/18 01:00:01 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

[2011/07/18 00:00:00 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job

[2011/07/17 17:32:33 | 000,012,626 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2011/07/17 00:37:25 | 000,437,914 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2011/07/17 00:37:25 | 000,069,834 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[2011/07/17 00:35:13 | 000,126,989 | ---- | M] () -- C:\logfile

[2011/07/17 00:33:36 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2011/07/17 00:32:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2011/07/17 00:32:15 | 3220,246,528 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/16 16:33:12 | 050,331,648 | ---- | M] () -- C:\WINDOWS\mailbox.pst

[2011/07/16 12:38:15 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

[2011/07/16 11:11:51 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

[2011/07/15 15:43:52 | 000,004,696 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/07/11 21:47:45 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Desktop\Microsoft Word.lnk

[2011/07/10 19:25:01 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job

[2011/07/09 21:18:08 | 000,194,748 | -HS- | M] () -- C:\EASEUSLD.LDR

[2011/07/09 21:17:58 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Todo Backup Free 2.5.1.lnk

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/06 16:32:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll

[2011/07/06 16:32:28 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll

[2011/07/06 16:32:28 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll

[2011/07/06 13:01:28 | 000,135,923 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\My Documents\WeaKnees_Invoice.pdf

[2011/07/06 11:50:57 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2011/07/06 11:50:57 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Desktop\Spybot - Search & Destroy.lnk

[2011/07/04 22:40:02 | 000,001,884 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax Business 2010.lnk

[2011/07/04 22:28:39 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk

[2011/07/04 20:17:39 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Desktop\TurboTax 2009.lnk

[2011/07/04 12:13:19 | 000,435,452 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts

[2011/07/04 12:08:55 | 000,434,784 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20110704-121319.backup

[2011/07/03 14:14:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Local Settings\Application Data\housecall.guid.cache

[2011/06/19 12:04:52 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/18 22:29:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Linda Lavin\Desktop\MBR.dat

[2011/07/14 04:52:19 | 000,480,768 | -HS- | C] () -- C:\{DD97ED8E-4481-4949-B70B-04DEAA7EBFA1}.CBM

[2011/07/09 22:53:13 | 000,004,096 | -HS- | C] () -- C:\{463CF13E-9FCE-46E4-A2DF-EF5EE05AB18A}.CBM

[2011/07/09 22:03:23 | 000,477,184 | -HS- | C] () -- C:\EUMONBMP.SYS

[2011/07/09 21:18:08 | 000,194,748 | -HS- | C] () -- C:\EASEUSLD.LDR

[2011/07/09 21:17:59 | 000,035,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys

[2011/07/09 21:17:58 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Todo Backup Free 2.5.1.lnk

[2011/07/06 13:01:28 | 000,135,923 | ---- | C] () -- C:\Documents and Settings\Linda Lavin\My Documents\WeaKnees_Invoice.pdf

[2011/07/04 22:40:02 | 000,001,884 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax Business 2010.lnk

[2011/07/04 22:28:39 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk

[2011/07/04 20:59:39 | 000,368,928 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/07/04 11:59:37 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

[2011/07/04 11:51:25 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

[2011/07/03 17:21:25 | 3220,246,528 | -HS- | C] () -- C:\hiberfil.sys

[2011/07/03 14:14:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Linda Lavin\Local Settings\Application Data\housecall.guid.cache

[2011/06/19 12:04:52 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk

[2011/06/19 12:04:52 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk

[2011/05/01 18:53:41 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Linda Lavin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/03 12:53:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2011/03/06 13:45:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2011/03/06 13:45:17 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\P17.dll

[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe

[2010/11/09 22:45:30 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll

[2010/11/09 22:45:20 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll

[2010/11/09 22:31:42 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010/07/31 15:20:58 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll

[2010/07/31 15:20:58 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll

[2010/07/31 15:20:58 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll

[2010/07/31 15:20:58 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll

[2010/07/31 15:20:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll

[2010/07/31 15:20:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll

[2010/07/31 15:20:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll

[2010/07/31 15:20:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll

[2010/07/31 15:20:58 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll

[2010/07/31 15:20:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll

[2010/07/31 15:20:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll

[2010/07/31 15:20:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll

[2010/07/31 15:20:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll

[2010/07/31 15:20:57 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll

[2010/07/31 15:20:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll

[2010/07/31 15:20:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll

[2010/07/31 15:20:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll

[2010/07/31 15:20:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll

[2010/07/31 15:20:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll

[2010/07/31 15:20:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll

[2010/07/31 15:20:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll

[2010/06/26 11:54:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2010/04/28 12:15:41 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat

[2010/04/17 15:46:25 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2010/04/17 15:46:24 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2010/04/17 15:46:24 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2010/04/17 15:46:23 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2010/04/17 15:46:22 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2010/04/17 15:46:22 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2010/04/17 15:46:21 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2010/04/17 15:46:20 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2010/03/09 13:26:29 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi

[2010/01/16 16:21:00 | 000,208,951 | ---- | C] () -- C:\WINDOWS\hpoins35.dat

[2010/01/16 16:21:00 | 000,001,069 | ---- | C] () -- C:\WINDOWS\hpomdl35.dat

[2010/01/03 18:22:44 | 000,067,480 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2009/10/07 15:43:41 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2009/08/17 23:14:07 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini

[2009/06/23 12:28:48 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2008/11/03 16:48:40 | 000,117,831 | ---- | C] () -- C:\WINDOWS\ngmsi.dll

[2008/11/03 16:47:40 | 000,008,263 | ---- | C] () -- C:\WINDOWS\ngutil.exe

[2008/08/02 13:13:59 | 000,000,890 | ---- | C] () -- C:\WINDOWS\dellstat.ini

[2008/07/25 12:50:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icverify.INI

[2008/05/18 15:14:03 | 000,014,290 | ---- | C] () -- C:\Program Files\settings.dat

[2008/05/18 15:13:42 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/10/11 21:44:22 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html

[2007/06/06 10:10:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2007/04/12 09:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll

[2006/10/12 17:18:56 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2006/03/04 14:42:14 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/03/02 16:25:53 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys

[2005/11/26 12:42:48 | 000,000,800 | ---- | C] () -- C:\WINDOWS\unins001.dat

[2005/03/25 20:07:01 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini

[2005/02/05 15:09:18 | 000,002,650 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2004/10/02 13:08:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2004/09/30 12:16:42 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\MACHNM1.EXE

[2004/08/29 10:03:23 | 000,000,327 | ---- | C] () -- C:\WINDOWS\alchem.ini

[2004/08/29 10:02:36 | 000,000,045 | ---- | C] () -- C:\WINDOWS\BKGKFLKQ.ini

[2004/08/26 11:41:27 | 000,000,385 | ---- | C] () -- C:\WINDOWS\IQW.ini

[2004/08/12 09:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/12 09:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/12 09:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/12 09:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/12 09:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/12 09:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/12 09:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/12 09:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/12 09:18:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/03 20:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/05/17 20:06:28 | 000,127,042 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2004/01/29 12:12:58 | 000,027,216 | ---- | C] () -- C:\Documents and Settings\Linda Lavin\Application Data\Personal Address Book.ADR

[2004/01/25 20:27:30 | 000,043,492 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini

[2004/01/25 14:49:11 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2003/11/25 14:27:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icvtran.INI

[2003/11/03 21:29:38 | 000,000,123 | ---- | C] () -- C:\WINDOWS\entpack.ini

[2003/10/29 16:22:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2003/10/13 19:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI

[2003/06/18 09:06:40 | 000,001,953 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2003/06/08 17:08:41 | 000,001,015 | ---- | C] () -- C:\WINDOWS\Pkzipw.INI

[2003/06/07 09:15:18 | 000,000,774 | ---- | C] () -- C:\WINDOWS\PowerReg.dat

[2003/06/06 16:24:01 | 000,000,160 | ---- | C] () -- C:\WINDOWS\icsetup.INI

[2003/06/03 20:46:16 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2003/06/01 15:05:44 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe

[2003/06/01 15:03:41 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL

[2003/06/01 09:21:51 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2003/06/01 08:48:00 | 000,000,424 | ---- | C] () -- C:\WINDOWS\VTruck1.ini

[2003/05/31 21:43:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\InstallDriver.exe

[2003/05/27 22:05:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/05/27 22:00:18 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2003/05/27 21:53:12 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat

[2003/05/27 21:52:40 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2003/05/27 21:48:37 | 000,000,900 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/05/27 21:39:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT

[2003/05/27 21:37:26 | 000,437,914 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT

[2003/05/27 21:37:26 | 000,069,834 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT

[2003/05/27 21:23:10 | 000,000,477 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2002/09/09 19:40:56 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2002/09/09 19:39:32 | 000,000,895 | ---- | C] () -- C:\WINDOWS\LRUN32.INI

[2002/09/09 19:37:54 | 000,000,655 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2002/09/03 14:35:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2002/09/03 14:31:48 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT

[2002/03/14 14:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe

[2001/03/14 13:42:55 | 000,001,304 | ---- | C] () -- C:\WINDOWS\extend.dat

[2000/02/08 03:05:36 | 000,110,080 | R--- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL

[2000/02/08 03:05:34 | 000,320,512 | R--- | C] () -- C:\WINDOWS\System32\W32MKDE.EXE

[2000/02/08 03:05:34 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL

[1998/08/16 07:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

[1998/05/28 18:16:39 | 000,009,728 | ---- | C] () -- C:\WINDOWS\VIEWS.DAT

========== LOP Check ==========

[2008/10/08 15:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\alice\Application Data\SPAMfighter

[2010/04/17 17:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2009/08/02 10:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail

[2008/08/02 13:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2007/06/06 10:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA

[2006/10/22 15:01:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/11/03 11:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Toolkit Suite

[2009/12/27 18:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DynDNS

[2010/11/03 11:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters

[2011/07/18 12:45:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2011/07/17 05:00:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect

[2010/11/20 13:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate

[2011/07/03 12:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2007/02/02 18:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TurboTax 2006

[2011/06/11 00:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\U-Verse Realtime

[2007/09/15 20:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2010/04/18 19:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital

[2011/05/25 19:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2011/04/24 19:52:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C63260C3-92B8-484F-8B6B-02C69C5AAA41}

[2009/10/17 12:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Analysis Lotto

[2009/08/02 10:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Aventail

[2010/11/03 11:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Common Toolkit Suite

[2010/01/30 15:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Costco Photo Viewer US

[2010/04/27 19:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Facebook

[2010/11/03 11:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Fighters

[2009/12/25 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\GARMIN

[2005/11/06 14:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Kana Solution

[2011/04/03 11:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Leadertech

[2010/01/10 13:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Musicmatch

[2004/10/01 19:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\SLAutoSave

[2007/06/27 08:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\SPAMfighter

[2003/06/06 21:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\The Labyrinth Plus! Edition

[2011/07/04 17:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\TweakNow RegCleaner

[2011/07/04 17:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\TweakNow RegCleaner 2011

[2007/09/15 20:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Viewpoint

[2010/02/23 15:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\VirtualStore

[2010/04/18 20:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Western DigitalTemp

[2011/04/30 11:14:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Fighters

[2011/07/10 19:25:01 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2001/07/17 07:08:14 | 000,065,536 | ---- | M] () -- C:\copyinf.exe

< MD5 for: EXPLORER.EXE >

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe

[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe

[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

[2004/08/12 09:19:07 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SVCHOST.EXE >

[2002/08/29 06:00:00 | 000,012,800 | ---- | M] (Microsoft Corporation) MD5=0F7D9C87B0CE1FA520473119752C6F79 -- C:\I386\SVCHOST.EXE

[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe

[2008/04/13 20:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\SYSTEM32\svchost.exe

[2004/08/12 09:30:22 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >

[2004/08/12 09:31:54 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe

[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SYSTEM32\userinit.exe

[2002/08/29 06:00:00 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=E931E0A2B8BF0019DB902E98D03662CB -- C:\I386\USERINIT.EXE

< MD5 for: WINLOGON.EXE >

[2004/08/12 09:33:32 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe

[2002/08/29 06:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\I386\WINLOGON.EXE

[2002/08/29 06:00:00 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=2246D8D8F4714A2CEDB21AB9B1849ABB -- C:\WINDOWS\$NtUninstallKB841533$\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe

[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SYSTEM32\winlogon.exe

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -chrome "chrome://browser/content/pref/pref.xul"

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/21 06:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/08/29 06:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\firefox.exe\shell\properties\command\\: C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -chrome "chrome://browser/content/pref/pref.xul"

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/04/25 08:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/04/25 08:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/04/25 08:00:32 | 000,070,656 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011/04/21 06:58:25 | 000,634,648 | ---- | M] (Microsoft Corporation)

HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\MSN Explorer\shell\open\command\\: "C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE" [2002/08/29 06:00:00 | 000,094,208 | ---- | M] (Microsoft Corporation)

< End of report >


Here is the OTL Extras.txt

OTL Extras logfile created on: 7/18/2011 10:31:45 PM - Run 1

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Linda Lavin\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.25 Gb Available Physical Memory | 75.02% Memory free

5.85 Gb Paging File | 5.14 Gb Available in Paging File | 87.98% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.49 Gb Total Space | 410.66 Gb Free Space | 88.22% Space Free | Partition Type: NTFS

Drive F: | 298.09 Gb Total Space | 50.99 Gb Free Space | 17.11% Space Free | Partition Type: NTFS

Drive S: | 298.02 Gb Total Space | 156.81 Gb Free Space | 52.62% Space Free | Partition Type: FAT

Computer Name: LINDAHOME | User Name: Linda Lavin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"6601:TCP" = 6601:TCP:*:Enabled:PCA HOST

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Symantec\pcAnywhere\winaw32.exe" = C:\Program Files\Symantec\pcAnywhere\winaw32.exe:*:Enabled:pcAnywhere Main Program -- (Symantec Corporation)

"C:\Program Files\Symantec\pcAnywhere\awhost32.exe" = C:\Program Files\Symantec\pcAnywhere\awhost32.exe:*:Enabled:pcAnywhere Host Service -- (Symantec Corporation)

"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" = C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service -- (Symantec Corporation)

"C:\WINDOWS\SYSTEM32\mmc.exe" = C:\WINDOWS\SYSTEM32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)

"C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe" = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe:*:Enabled:VPN Client

"C:\Program Files\TurboTax\Deluxe 2004\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2004\32bit\ttax.exe:*:Enabled:TurboTax Deluxe 2004

"C:\Program Files\Symantec\LiveUpdate\LUALL.EXE" = C:\Program Files\Symantec\LiveUpdate\LUALL.EXE:*:Enabled:LiveUpdate -- (Symantec Corporation)

"C:\TAI\Basis\VPRO5\vpro5.exe" = C:\TAI\Basis\VPRO5\vpro5.exe:*:Enabled:Visual PRO/5® Business BASIC Interpreter -- (BASIS International Ltd.)

"C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe" = C:\Program Files\Java\jre1.5.0_01\bin\javaw.exe:*:Enabled:Java 2 Platform Standard Edition binary

"C:\ICWin315\j2re1.4.2_04\bin\java.exe" = C:\ICWin315\j2re1.4.2_04\bin\java.exe:*:Enabled:java

"C:\Program Files\TurboTax\Business 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Business 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Business 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Business 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\TAI\Basis\BBJ\ide\bin\runide.exe" = C:\TAI\Basis\BBJ\ide\bin\runide.exe:*:Enabled:runide

"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax

"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager

"C:\Documents and Settings\Linda Lavin\Local Settings\Temp\KRlyCLis.exe" = C:\Documents and Settings\Linda Lavin\Local Settings\Temp\KRlyCLis.exe:*:Enabled:Kaseya Remote Control Relay Client - Listener

"C:\Documents and Settings\Linda Lavin\Local Settings\Temp\vncviewer.exe" = C:\Documents and Settings\Linda Lavin\Local Settings\Temp\vncviewer.exe:*:Enabled:VNC Viewer Free Edition for Win32

"C:\Program Files\RealVNC\WinVNC\winvnc.exe" = C:\Program Files\RealVNC\WinVNC\winvnc.exe:*:Enabled:VNC server for Win32

"C:\Program Files\RealVNC\vncviewer.exe" = C:\Program Files\RealVNC\vncviewer.exe:*:Enabled:vncviewer

"C:\Program Files\DynDNS Updater\DynDNS.exe" = C:\Program Files\DynDNS Updater\DynDNS.exe:*:Enabled:DynDNS Updater

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)

"C:\Program Files\Smartparts\Smartparts Desktop\OptiPix.exe" = C:\Program Files\Smartparts\Smartparts Desktop\OptiPix.exe:*:Enabled:Smartparts Desktop -- (Smartparts, Inc.)

"C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe" = C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqfxt08.exe:*:Enabled:hpqfxt08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)

"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\HP Software Update\HPWUCli.exe" = C:\Program Files\HP\HP Software Update\HPWUCli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)

"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)

"C:\Program Files\Logitech\Vid HD\Vid.exe" = C:\Program Files\Logitech\Vid HD\Vid.exe:*:Enabled:Logitech Vid HD -- (Logitech Inc.)

"C:\Program Files\U-Verse Realtime\U-Verse Realtime.exe" = C:\Program Files\U-Verse Realtime\U-Verse Realtime.exe:*:Enabled:U-Verse Realtime.exe -- ()

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn

"{05BDC796-3451-4F81-B91D-E98F7ADA76C2}" = TurboTax 2010 WinPerTaxSupport

"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan

"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC

"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video

"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center

"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday

"{12941D63-796A-4876-B4E9-494B793BAA8F}" = Visual PRO/5

"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert

"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi

"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main

"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{180D45DA-5140-48D4-BDEA-8B9CE3A6D9A4}" = TurboTax 2008 WinBizTaxSupport

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1D0AB230-E7BC-41CB-A50C-F282273E897B}" = SPAMfighter Client

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20EFC9AA-BBC1-4DFD-81FF-99654F71CBF8}" = HPPhotoSmartDiscLabel_PrintOnDisc

"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery

"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java 6 Update 22

"{2928F0D5-DABC-4637-A6B3-740629075555}" = RocketFish 5.1 PCI Sound Card

"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation

"{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard

"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)

"{34F93E31-E1A0-421C-8E86-BCF7C4193A91}" = LogMeIn

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3782EC09-4000-475E-8A59-9CABD6F03B4C}" = TurboTax 2010 WinPerFedFormset

"{3818E081-EAA2-012B-AD94-000000000000}" = TurboTax 2009 WinBizFedFormset

"{3830D551-EAA2-012B-AD9A-000000000000}" = TurboTax 2009 WinBizReleaseEngine

"{383CBC31-EAA2-012B-AD9D-000000000000}" = TurboTax 2009 WinBizTaxSupport

"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset

"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine

"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport

"{39C16060-EAA2-012B-ADFC-000000000000}" = TurboTax 2009 wmiiper

"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{3C5A81D1-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper

"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT

"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore

"{439800C9-FD42-4EA3-94D2-063DF0926873}" = Match-Up!

"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg

"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4AEBD86C-C82E-401A-9AA0-8B8AF7A5A3CA}" = TurboTax 2008 WinBizFedFormset

"{4B069D9F-C4B7-11D6-86EB-00B0D0D27DD0}" = ICVERIFY for Windows SDK

"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{4F2FCCCF-29F3-44B9-886F-6D16F8417522}" = TurboTax 2010 wrapper

"{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1" = Data Lifeguard Diagnostic for Windows 1.21

"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001

"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.2

"{56D4C8A0-6126-11DD-AD8B-0800200C9A66}" = TurboTax 2008 WinBizUserEducation

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.70

"{5866F83F-5347-4324-A15E-070502A65866}" = TurboTax 2010 WinBizReleaseEngine

"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink

"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic

"{6334BBB0-8A2E-4679-B845-9CE27E72DBDA}" = TurboTax 2010 WinBizTaxSupport

"{634B01DF-A45B-4623-80E1-E15FF82A4979}" = Norton CleanSweep

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{64116298-93C5-401D-B06C-39D8E3338508}" = DAO

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1

"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids

"{6A7867BA-B7CA-4CC9-ACAB-85BA46865EE5}" = Norton Utilities

"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply

"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox

"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery

"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection

"{71E7B3F5-CFAF-4C1E-B494-528E28707937}" = Norton SystemWorks 2005

"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73B69C5C-87D6-471E-B695-0BD736C4B644}" = Retrospect 6.5

"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset

"{75B61CF0-B8A8-46E2-8709-C4A79898AC1D}" = Data Lifeguard Diagnostic for Windows

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper

"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer

"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher

"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine

"{888F0154-4AAA-4719-BFAE-01C3066B8408}" = C309a

"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software

"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox

"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{900B1884-2D6F-4a70-A3C7-C3F4DA873FDB}" = NSW_DRM_COLLECTION

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content

"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization

"{91110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional

"{91190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer

"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent

"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc

"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt

"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin

"{9E23C48E-5483-4971-BA50-089F2FABCD66}" = Norton SystemWorks

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime

"{A088AF9D-0B94-4C33-B327-E5B494CE810B}" = PS_AIO_05_C309_Software_Min

"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove

"{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars

"{A2A78788-2792-49BF-AF22-5E9296E568F3}" = Aventail Connect

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A525E00B-6609-442E-9DCD-64453C233E8D}" = TurboTax 2010 WinPerReleaseEngine

"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet

"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9B54408-EF50-4821-B8A2-F597A657112A}" = HP Photosmart C309a All-In-One Driver Software 13.0 Rel .5

"{AB75312A-5C5A-485D-930A-8B5CF77824E6}" = Initio USB Default Controller Driver 32-bit

"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.0)

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status

"{AFB1DFA5-FB56-4C9F-97A0-1607BC14BC0C}" = Smartparts Desktop

"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper

"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport

"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network

"{B28635AB-1DF3-4F07-BFEA-975D911B549B}" = hpphotosmartdisclabelplugin

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B6C2466E-D773-4EF5-9350-9D3D68F668BE}" = TurboTax 2008 WinBizProgramHelp

"{BBF08789-06CB-4D2F-9330-CD617AFDE528}" = Fax

"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C14201FD-245D-4CA9-A582-47D842C6AC59}" = TurboTax 2010 wmiiper

"{C3ADD937-FD5F-4CC6-AE15-AEDEE2A20165}" = TurboTax 2010 wrapper

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Seagate DiscWizard

"{C6E0D768-9A9F-4DCF-A62A-61D8EAB59063}" = U-Verse Realtime

"{CCFFC1DA-7A65-4C1B-98DC-3F7861F50254}" = TurboTax 2008 wrapper

"{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}" = System Requirements Lab for Intel

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1725BDB-BA2B-4503-A8CB-F5C835D743FA}" = MSRedist

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software

"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7

"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD

"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential

"{D9D8F2CF-FE2D-4644-9762-01F916FE90A9}" = HPPhotoSmartDiscLabel_PaperLabel

"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR

"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp

"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon

"{DE58B061-6936-4913-AA5C-682E49356D86}" = TurboTax 2008 wmiiper

"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby

"{E6C0F926-446B-4450-8D15-4405A9431EB7}" = TurboTax 2010 WinBizFedFormset

"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp

"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips

"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks

"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support

"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP

"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker

"{F05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere

"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase

"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK

"{F8D8A515-3D81-431D-BCBB-9EBA3CFE0987}" = TurboTax 2008 WinBizReleaseEngine

"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR

"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook

"AccuWage 2010" = AccuWage 2010

"Ad-Aware SE Personal" = Ad-Aware SE Personal

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Amazing Windows XP Screen Saver_is1" = Amazing Windows XP Screen Saver 1.2

"AnarkClient" = Anark Client 1.0

"AT&T Unified Messaging" = AT&T Unified Messaging

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BASIS License Manager" = BASIS License Manager

"CCleaner" = CCleaner

"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows

"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver

"DynDNSUpdater" = DynDNS Updater

"EASEUS Todo Backup Free 2.5.1_is1" = EASEUS Todo Backup Free 2.5.1

"ESET Online Scanner" = ESET Online Scanner v3

"HP Imaging Device Functions" = HP Imaging Device Functions 13.0

"HP Photosmart Essential" = HP Photosmart Essential 3.5

"HP Smart Web Printing" = HP Smart Web Printing 4.60

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 13.0

"HPOCR" = OCR Software by I.R.I.S. 13.0

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"Java Media Framework 2.1.1e" = Java Media Framework 2.1.1e

"LiveReg" = LiveReg (Symantec Corporation)

"LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation)

"Logitech Vid" = Logitech Vid HD

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705

"Microsoft Press Interactive Training" = Microsoft Interactive Training

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSN Music Assistant" = MSN Music Assistant

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"NVIDIA Drivers" = NVIDIA Drivers

"Photo Viewer 3.09 (with Outlook Sync)" = Photo Viewer 3.09 (with Outlook Sync)

"Picasa 3" = Picasa 3

"PROSet" = Intel® PRO Network Connections Drivers

"RealPlayer 6.0" = RealPlayer

"Shockwave" = Shockwave

"Shop for HP Supplies" = Shop for HP Supplies

"Software Developer Kit" = ICVERIFY and CyberCash Software Developer Kit

"SPAMfighter" = SPAMfighter

"SymSetup.{71E7B3F5-CFAF-4C1E-B494-528E28707937}" = Norton SystemWorks 2005 (Symantec Corporation)

"TurboTax 2008" = TurboTax 2008

"TurboTax 2009" = TurboTax 2009

"TurboTax 2010" = TurboTax 2010

"TurboTax Business 2006" = TurboTax Business 2006

"TurboTax Business 2007" = TurboTax Business 2007

"TurboTax Business 2008" = TurboTax Business 2008

"TurboTax Business 2009" = TurboTax Business 2009

"TurboTax Business 2010" = TurboTax Business 2010

"TurboTax Deluxe 2007" = TurboTax Deluxe 2007

"TweakNow RegCleaner 2011_is1" = TweakNow RegCleaner 2011

"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)

"WIC" = Windows Imaging Component

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinPcapInst" = WinPcap 4.1.1

"Wise PC Engineer_is1" = Wise PC Engineer 6.3.8

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager

"f031ef6ac137efc5" = Dell Driver Download Manager

"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 7/4/2011 8:39:57 PM | Computer Name = LINDAHOME | Source = MsiInstaller | ID = 11334

Description = Product: TurboTax 2010 WinPerReleaseEngine -- Error 1334. The file

'spring.aop.dll.1A8FF3C7_84AC_4D31_B3A7_9AB7ECBC1C29' cannot be installed because

the file cannot be found in cabinet file 'PCW_CAB_A525E00B'. This could indicate

a network error, an error reading from the CD-ROM, or a problem with this package.

Error - 7/4/2011 8:39:58 PM | Computer Name = LINDAHOME | Source = MsiInstaller | ID = 11334

Description = Product: TurboTax 2010 WinPerReleaseEngine -- Error 1334. The file

'spring.aop.dll.1A8FF3C7_84AC_4D31_B3A7_9AB7ECBC1C29' cannot be installed because

the file cannot be found in cabinet file 'PCW_CAB_A525E00B'. This could indicate

a network error, an error reading from the CD-ROM, or a problem with this package.

Error - 7/4/2011 8:39:59 PM | Computer Name = LINDAHOME | Source = MsiInstaller | ID = 11334

Description = Product: TurboTax 2010 WinPerReleaseEngine -- Error 1334. The file

'spring.aop.dll.1A8FF3C7_84AC_4D31_B3A7_9AB7ECBC1C29' cannot be installed because

the file cannot be found in cabinet file 'PCW_CAB_A525E00B'. This could indicate

a network error, an error reading from the CD-ROM, or a problem with this package.

Error - 7/4/2011 8:40:00 PM | Computer Name = LINDAHOME | Source = MsiInstaller | ID = 11334

Description = Product: TurboTax 2010 WinPerReleaseEngine -- Error 1334. The file

'spring.aop.dll.1A8FF3C7_84AC_4D31_B3A7_9AB7ECBC1C29' cannot be installed because

the file cannot be found in cabinet file 'PCW_CAB_A525E00B'. This could indicate

a network error, an error reading from the CD-ROM, or a problem with this package.

Error - 7/4/2011 8:40:01 PM | Computer Name = LINDAHOME | Source = MsiInstaller | ID = 11334

Description = Product: TurboTax 2010 WinPerReleaseEngine -- Error 1334. The file

'spring.aop.dll.1A8FF3C7_84AC_4D31_B3A7_9AB7ECBC1C29' cannot be installed because

the file cannot be found in cabinet file 'PCW_CAB_A525E00B'. This could indicate

a network error, an error reading from the CD-ROM, or a problem with this package.

Error - 7/4/2011 8:40:02 PM | Computer Name = LINDAHOME | Source = MsiInstaller | ID = 11334

Description = Product: TurboTax 2010 WinPerReleaseEngine -- Error 1334. The file

'spring.aop.dll.1A8FF3C7_84AC_4D31_B3A7_9AB7ECBC1C29' cannot be installed because

the file cannot be found in cabinet file 'PCW_CAB_A525E00B'. This could indicate

a network error, an error reading from the CD-ROM, or a problem with this package.

Error - 7/4/2011 8:40:03 PM | Computer Name = LINDAHOME | Source = MsiInstaller | ID = 11334

Description = Product: TurboTax 2010 WinPerReleaseEngine -- Error 1334. The file

'spring.aop.dll.1A8FF3C7_84AC_4D31_B3A7_9AB7ECBC1C29' cannot be installed because

the file cannot be found in cabinet file 'PCW_CAB_A525E00B'. This could indicate

a network error, an error reading from the CD-ROM, or a problem with this package.

Error - 7/4/2011 8:40:03 PM | Computer Name = LINDAHOME | Source = MsiInstaller | ID = 11334

Description = Product: TurboTax 2010 WinPerReleaseEngine -- Error 1334. The file

'spring.aop.dll.1A8FF3C7_84AC_4D31_B3A7_9AB7ECBC1C29' cannot be installed because

the file cannot be found in cabinet file 'PCW_CAB_A525E00B'. This could indicate

a network error, an error reading from the CD-ROM, or a problem with this package.

Error - 7/4/2011 8:46:10 PM | Computer Name = LINDAHOME | Source = Application Error | ID = 1000

Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting

module ntdll.dll, version 5.1.2600.6055, fault address 0x000101b3.

Error - 7/17/2011 3:24:08 PM | Computer Name = LINDAHOME | Source = Application Error | ID = 1000

Description = Faulting application si32.exe, version 18.0.0.62, faulting module

ntdll.dll, version 5.1.2600.6055, fault address 0x00011fc4.

[ System Events ]

Error - 7/3/2011 3:00:16 PM | Computer Name = LINDAHOME | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/3/2011 3:21:09 PM | Computer Name = LINDAHOME | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/3/2011 3:33:02 PM | Computer Name = LINDAHOME | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/3/2011 3:33:57 PM | Computer Name = LINDAHOME | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/3/2011 3:34:09 PM | Computer Name = LINDAHOME | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/3/2011 4:16:15 PM | Computer Name = LINDAHOME | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/3/2011 4:51:44 PM | Computer Name = LINDAHOME | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 7/3/2011 5:20:43 PM | Computer Name = LINDAHOME | Source = DCOM | ID = 10005

Description = DCOM got error "%1084" attempting to start the service EventSystem

with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 7/5/2011 10:21:11 PM | Computer Name = LINDAHOME | Source = Service Control Manager | ID = 7009

Description = Timeout (30000 milliseconds) waiting for the DynDNS Updater service

to connect.

Error - 7/5/2011 10:21:11 PM | Computer Name = LINDAHOME | Source = Service Control Manager | ID = 7000

Description = The DynDNS Updater service failed to start due to the following error:

%%1053

< End of report >


Hi

Uninstall Viewpoint Media Player.

Step 1

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 1F F2 01 62 AD F9 4D AF 14 4A 76 38 6D DA 4A [binary data]
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 1F F2 01 62 AD F9 4D AF 14 4A 76 38 6D DA 4A [binary data]
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 1F F2 01 62 AD F9 4D AF 14 4A 76 38 6D DA 4A [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 1F F2 01 62 AD F9 4D AF 14 4A 76 38 6D DA 4A [binary data]
    IE - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = CE 1F F2 01 62 AD F9 4D AF 14 4A 76 38 6D DA 4A [binary data]
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 61939
    FF - prefs.js..network.proxy.type: 1
    FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
    [2011/07/03 14:47:31 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{906e9d5c-e3c6-4729-8eb7-402fdf2b8fe0}
    [2011/07/03 14:47:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{d29daa06-b9d6-4819-92bd-ece899e9e387}
    [2011/07/03 14:47:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{f0e3d082-2094-4394-b2f9-b7ee74fe2b4d}
    O2 - BHO: (no name) - {01F21FCE-AD62-4DF9-AF14-4A76386DDA4a} - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {CA0B9B71-C2AF-11D3-B376-0800460222F0} - No CLSID value found.
    O3 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..\Toolbar\ShellBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
    O3 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..\Toolbar\WebBrowser: (no name) - {00000000-0008-5041-4354-0020E48020AF} - No CLSID value found.
    O3 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..\Toolbar\WebBrowser: (no name) - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - No CLSID value found.
    O3 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O33 - MountPoints2\##BIGJOE#PASSPORT\Shell - "" = AutoRun
    O33 - MountPoints2\##BIGJOE#PASSPORT\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\##BIGJOE#PASSPORT\Shell\AutoRun\command - "" = S:\WDSetup.exe -- [2008/07/09 14:59:52 | 001,760,129 | ---- | M] (Western Digital Corporation )
    O33 - MountPoints2\{08b769d0-4b45-11df-9f9f-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{08b769d0-4b45-11df-9f9f-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{08b769d0-4b45-11df-9f9f-00038a000015}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{2f8f455b-3dbc-11df-9f89-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{2f8f455b-3dbc-11df-9f89-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{2f8f455b-3dbc-11df-9f89-00038a000015}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
    O33 - MountPoints2\{cfa5e381-e9be-11db-9ee1-00038a000015}\Shell - "" = AutoRun
    O33 - MountPoints2\{cfa5e381-e9be-11db-9ee1-00038a000015}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{cfa5e381-e9be-11db-9ee1-00038a000015}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
    [2007/09/15 20:46:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2011/04/24 19:52:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C63260C3-92B8-484F-8B6B-02C69C5AAA41}
    [2001/07/17 07:08:14 | 000,065,536 | ---- | M] () -- C:\copyinf.exe

    :Files

    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Step 2

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Things I would like to see in your reply:

  • OTL log
  • TDSSKiller log


Hi Advanced,

I do not see an ! next to partmgr now. I wonder if this was due to me trying to do Media Share to our new Directv DVR? Because the BigJoe/Passport is an external drive on my husband's pc. Do you think my pc was trying to mount it?

Either way, I WILL be purchasing the Pro version of MBAM for both my pc and my husband's pc because of this scare.

I removed Viewpoint Media Player and ran OTL with your requested commands, then downloaded and ran TDSSKiller. Logs are posted here.

All processes killed

========== OTL ==========

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!

HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!

HKU\S-1-5-21-1546378718-3412670005-1479114112-1005\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default| /E : value set successfully!

Prefs.js: "127.0.0.1" removed from network.proxy.http

Prefs.js: 61939 removed from network.proxy.http_port

Prefs.js: 1 removed from network.proxy.type

Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@viewpoint.com/VMP\ not found.

File C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll not found.

C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{906e9d5c-e3c6-4729-8eb7-402fdf2b8fe0}\defaults\preferences folder moved successfully.

C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{906e9d5c-e3c6-4729-8eb7-402fdf2b8fe0}\defaults folder moved successfully.

C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{906e9d5c-e3c6-4729-8eb7-402fdf2b8fe0}\chrome folder moved successfully.

C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{906e9d5c-e3c6-4729-8eb7-402fdf2b8fe0} folder moved successfully.

C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{d29daa06-b9d6-4819-92bd-ece899e9e387}\defaults\preferences folder moved successfully.

C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{d29daa06-b9d6-4819-92bd-ece899e9e387}\defaults folder moved successfully.

C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{d29daa06-b9d6-4819-92bd-ece899e9e387}\chrome folder moved successfully.

C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{d29daa06-b9d6-4819-92bd-ece899e9e387} folder moved successfully.

C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{f0e3d082-2094-4394-b2f9-b7ee74fe2b4d}\defaults\preferences folder moved successfully.

C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{f0e3d082-2094-4394-b2f9-b7ee74fe2b4d}\defaults folder moved successfully.

C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{f0e3d082-2094-4394-b2f9-b7ee74fe2b4d}\chrome folder moved successfully.

C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{f0e3d082-2094-4394-b2f9-b7ee74fe2b4d} folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F21FCE-AD62-4DF9-AF14-4A76386DDA4a}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01F21FCE-AD62-4DF9-AF14-4A76386DDA4a}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CA0B9B71-C2AF-11D3-B376-0800460222F0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA0B9B71-C2AF-11D3-B376-0800460222F0}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CA0B9B71-C2AF-11D3-B376-0800460222F0} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CA0B9B71-C2AF-11D3-B376-0800460222F0}\ not found.

Registry value HKEY_USERS\S-1-5-21-1546378718-3412670005-1479114112-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.

Registry value HKEY_USERS\S-1-5-21-1546378718-3412670005-1479114112-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_USERS\S-1-5-21-1546378718-3412670005-1479114112-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0008-5041-4354-0020E48020AF} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0008-5041-4354-0020E48020AF}\ not found.

Registry value HKEY_USERS\S-1-5-21-1546378718-3412670005-1479114112-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.

Registry value HKEY_USERS\S-1-5-21-1546378718-3412670005-1479114112-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

Registry value HKEY_USERS\S-1-5-21-1546378718-3412670005-1479114112-1005\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##BIGJOE#PASSPORT\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##BIGJOE#PASSPORT\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\##BIGJOE#PASSPORT\ not found.

S:\WDSetup.exe moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08b769d0-4b45-11df-9f9f-00038a000015}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08b769d0-4b45-11df-9f9f-00038a000015}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08b769d0-4b45-11df-9f9f-00038a000015}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08b769d0-4b45-11df-9f9f-00038a000015}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{08b769d0-4b45-11df-9f9f-00038a000015}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08b769d0-4b45-11df-9f9f-00038a000015}\ not found.

File "F:\WD SmartWare.exe" autoplay=true not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f8f455b-3dbc-11df-9f89-00038a000015}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f8f455b-3dbc-11df-9f89-00038a000015}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f8f455b-3dbc-11df-9f89-00038a000015}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f8f455b-3dbc-11df-9f89-00038a000015}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2f8f455b-3dbc-11df-9f89-00038a000015}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2f8f455b-3dbc-11df-9f89-00038a000015}\ not found.

File "F:\WD SmartWare.exe" autoplay=true not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfa5e381-e9be-11db-9ee1-00038a000015}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfa5e381-e9be-11db-9ee1-00038a000015}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfa5e381-e9be-11db-9ee1-00038a000015}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfa5e381-e9be-11db-9ee1-00038a000015}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cfa5e381-e9be-11db-9ee1-00038a000015}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cfa5e381-e9be-11db-9ee1-00038a000015}\ not found.

File G:\LaunchU3.exe -a not found.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

C:\copyinf.exe moved successfully.

========== FILES ==========

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 2822274 bytes

->Flash cache emptied: 405 bytes

User: alice

->Temp folder emptied: 263119 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

->Flash cache emptied: 56468 bytes

User: Linda Lavin

->Temp folder emptied: 387059573 bytes

->Temporary Internet Files folder emptied: 126095761 bytes

->Java cache emptied: 167842410 bytes

->Flash cache emptied: 52209 bytes

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 10159230 bytes

User: NetworkService

->Temp folder emptied: 950272 bytes

->Temporary Internet Files folder emptied: 49976460 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 3142310 bytes

%systemroot%\System32 .tmp files removed: 5004622 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 3988384 bytes

Windows Temp folder emptied: 1505440 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 107757751 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 1322938 bytes

RecycleBin emptied: 470304704 bytes

Total Files Cleaned = 1,276.00 mb

[EMPTYFLASH]

User: Administrator

->Flash cache emptied: 0 bytes

User: alice

User: All Users

User: Default User

->Flash cache emptied: 0 bytes

User: Linda Lavin

->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 07192011_093713

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

***********

2011/07/19 09:49:24.0718 4328 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56

2011/07/19 09:49:25.0156 4328 ================================================================================

2011/07/19 09:49:25.0156 4328 SystemInfo:

2011/07/19 09:49:25.0156 4328

2011/07/19 09:49:25.0156 4328 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/19 09:49:25.0156 4328 Product type: Workstation

2011/07/19 09:49:25.0156 4328 ComputerName: LINDAHOME

2011/07/19 09:49:25.0156 4328 UserName: Linda Lavin

2011/07/19 09:49:25.0156 4328 Windows directory: C:\WINDOWS

2011/07/19 09:49:25.0156 4328 System windows directory: C:\WINDOWS

2011/07/19 09:49:25.0156 4328 Processor architecture: Intel x86

2011/07/19 09:49:25.0156 4328 Number of processors: 2

2011/07/19 09:49:25.0156 4328 Page size: 0x1000

2011/07/19 09:49:25.0156 4328 Boot type: Normal boot

2011/07/19 09:49:25.0156 4328 ================================================================================

2011/07/19 09:49:26.0406 4328 Initialize success

2011/07/19 09:49:33.0109 4872 ================================================================================

2011/07/19 09:49:33.0109 4872 Scan started

2011/07/19 09:49:33.0109 4872 Mode: Manual;

2011/07/19 09:49:33.0109 4872 ================================================================================


2011/07/19 09:49:42.0703 4872 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2011/07/19 09:49:42.0734 4872 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/19 09:49:42.0781 4872 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/19 09:49:42.0828 4872 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/19 09:49:42.0875 4872 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/19 09:49:42.0968 4872 NgFilter (9db9c519b21ecf15eb836e54e6834fea) C:\WINDOWS\system32\DRIVERS\ngfilter.sys

2011/07/19 09:49:43.0000 4872 NgLog (7fa3517600103a373e3b638dc2c81d87) C:\WINDOWS\system32\DRIVERS\nglog.sys

2011/07/19 09:49:43.0062 4872 NgVpn (d20cb6da84af0661a334dd746ecba914) C:\WINDOWS\system32\DRIVERS\ngvpn.sys

2011/07/19 09:49:43.0109 4872 NgWfp (0a963a28da18dfea1feb1242b71d46ac) C:\WINDOWS\system32\DRIVERS\ngwfp.sys

2011/07/19 09:49:43.0156 4872 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys

2011/07/19 09:49:43.0203 4872 NPDriver (0aff8ad6bee50ff4505599aff92c8ad7) C:\WINDOWS\system32\Drivers\NPDRIVER.SYS

2011/07/19 09:49:43.0265 4872 NPF (b9730495e0cf674680121e34bd95a73b) C:\WINDOWS\system32\drivers\npf.sys

2011/07/19 09:49:43.0328 4872 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/19 09:49:43.0421 4872 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/19 09:49:43.0718 4872 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/19 09:49:43.0890 4872 nv (9f4384aa43548ddd438f7b7825d11699) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/19 09:49:44.0265 4872 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/19 09:49:44.0328 4872 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/19 09:49:44.0406 4872 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys

2011/07/19 09:49:44.0468 4872 omci (53d5f1278d9edb21689bbbcecc09108d) C:\WINDOWS\system32\DRIVERS\omci.sys

2011/07/19 09:49:44.0515 4872 ossrv (103a9b117a7d9903111955cdafe65ac6) C:\WINDOWS\system32\drivers\ctoss2k.sys

2011/07/19 09:49:44.0593 4872 P17 (4988ac8b88c9814ccb0b2f93869af1e0) C:\WINDOWS\system32\drivers\P17.sys

2011/07/19 09:49:44.0625 4872 P3 (c90018bafdc7098619a4a95b046b30f3) C:\WINDOWS\system32\DRIVERS\p3.sys

2011/07/19 09:49:44.0703 4872 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/19 09:49:44.0750 4872 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/19 09:49:44.0796 4872 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/19 09:49:44.0843 4872 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/19 09:49:44.0921 4872 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/19 09:49:44.0953 4872 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/19 09:49:45.0109 4872 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\System32\DRIVERS\perc2.sys

2011/07/19 09:49:45.0140 4872 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\System32\DRIVERS\perc2hib.sys

2011/07/19 09:49:45.0234 4872 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/19 09:49:45.0265 4872 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys

2011/07/19 09:49:45.0312 4872 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/19 09:49:45.0343 4872 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/19 09:49:45.0375 4872 pwd_2k (d8b90616a8bd53de281dbdb664c0984a) C:\WINDOWS\system32\drivers\pwd_2k.sys

2011/07/19 09:49:45.0421 4872 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/19 09:49:45.0468 4872 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\System32\DRIVERS\ql1080.sys

2011/07/19 09:49:45.0500 4872 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\System32\DRIVERS\ql10wnt.sys

2011/07/19 09:49:45.0546 4872 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\System32\DRIVERS\ql12160.sys

2011/07/19 09:49:45.0578 4872 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\System32\DRIVERS\ql1240.sys

2011/07/19 09:49:45.0609 4872 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\System32\DRIVERS\ql1280.sys

2011/07/19 09:49:45.0671 4872 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/19 09:49:45.0703 4872 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/19 09:49:45.0734 4872 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/19 09:49:45.0765 4872 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/19 09:49:45.0828 4872 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/19 09:49:45.0859 4872 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/19 09:49:45.0921 4872 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/19 09:49:45.0984 4872 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/19 09:49:46.0031 4872 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/19 09:49:46.0109 4872 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys

2011/07/19 09:49:46.0171 4872 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS

2011/07/19 09:49:46.0218 4872 s3legacy (4294fdf954125ce9e39e68f826415c29) C:\WINDOWS\system32\DRIVERS\s3legacy.sys

2011/07/19 09:49:46.0312 4872 SDdriver (074da08e844ded21731c38e8395ebd3b) C:\WINDOWS\system32\Drivers\sddriver.sys

2011/07/19 09:49:46.0359 4872 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/19 09:49:46.0421 4872 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/19 09:49:46.0453 4872 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/19 09:49:46.0515 4872 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/19 09:49:46.0593 4872 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\System32\DRIVERS\sisagp.sys

2011/07/19 09:49:46.0640 4872 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2011/07/19 09:49:46.0703 4872 snapman (c3bf55189aa92b8f919108ef9e4accae) C:\WINDOWS\system32\DRIVERS\snapman.sys

2011/07/19 09:49:46.0750 4872 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\System32\DRIVERS\sparrow.sys

2011/07/19 09:49:46.0812 4872 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/19 09:49:46.0843 4872 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/19 09:49:46.0906 4872 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/19 09:49:46.0953 4872 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys

2011/07/19 09:49:47.0000 4872 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2011/07/19 09:49:47.0046 4872 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/19 09:49:47.0078 4872 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/19 09:49:47.0140 4872 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\System32\DRIVERS\symc810.sys

2011/07/19 09:49:47.0171 4872 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\System32\DRIVERS\symc8xx.sys

2011/07/19 09:49:47.0234 4872 SymEvent (c9b8f325b2a22cda1bda7b25181b1389) C:\Program Files\Symantec\SYMEVENT.SYS

2011/07/19 09:49:47.0281 4872 symlcbrd (6596892dd5abbe48f5876a551867a166) C:\WINDOWS\system32\drivers\symlcbrd.sys

2011/07/19 09:49:47.0328 4872 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\System32\DRIVERS\sym_hi.sys

2011/07/19 09:49:47.0359 4872 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\System32\DRIVERS\sym_u3.sys

2011/07/19 09:49:47.0421 4872 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/19 09:49:47.0484 4872 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/19 09:49:47.0531 4872 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/19 09:49:47.0593 4872 tdrpman (3b7b6779eb231f731bba8f9fe67aadfc) C:\WINDOWS\system32\DRIVERS\tdrpman.sys

2011/07/19 09:49:47.0640 4872 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/19 09:49:47.0703 4872 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/19 09:49:47.0750 4872 tifsfilter (b0b3122bff3910e0ba97014045467778) C:\WINDOWS\system32\DRIVERS\tifsfilt.sys

2011/07/19 09:49:47.0796 4872 timounter (13bfe330880ac0ce8672d00aa5aff738) C:\WINDOWS\system32\DRIVERS\timntr.sys

2011/07/19 09:49:47.0859 4872 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\System32\DRIVERS\toside.sys

2011/07/19 09:49:47.0906 4872 UdfReadr_xp (4e75005b74be901c30f2636df40b0c15) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys

2011/07/19 09:49:47.0968 4872 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/19 09:49:48.0000 4872 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\System32\DRIVERS\ultra.sys

2011/07/19 09:49:48.0062 4872 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/19 09:49:48.0140 4872 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys

2011/07/19 09:49:48.0187 4872 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/19 09:49:48.0234 4872 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/19 09:49:48.0281 4872 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/19 09:49:48.0312 4872 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys

2011/07/19 09:49:48.0359 4872 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/19 09:49:48.0375 4872 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/19 09:49:48.0421 4872 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/19 09:49:48.0468 4872 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/19 09:49:48.0500 4872 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2011/07/19 09:49:48.0546 4872 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/19 09:49:48.0578 4872 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\System32\DRIVERS\viaagp.sys

2011/07/19 09:49:48.0609 4872 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\System32\DRIVERS\viaide.sys

2011/07/19 09:49:48.0671 4872 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS

2011/07/19 09:49:48.0718 4872 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys

2011/07/19 09:49:48.0765 4872 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/19 09:49:48.0843 4872 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/19 09:49:48.0921 4872 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys

2011/07/19 09:49:49.0000 4872 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/19 09:49:49.0125 4872 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2011/07/19 09:49:49.0203 4872 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/19 09:49:49.0250 4872 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/19 09:49:49.0328 4872 MBR (0x1B8) (35c6b2fcde68facbefe0a4a7200bae58) \Device\Harddisk0\DR0

2011/07/19 09:49:49.0453 4872 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

2011/07/19 09:49:49.0562 4872 Boot (0x1200) (65bb8b5ea5eee8afd5270bd67c51191b) \Device\Harddisk0\DR0\Partition0

2011/07/19 09:49:49.0578 4872 Boot (0x1200) (308e4213bbebcbed5d9267510051801f) \Device\Harddisk1\DR1\Partition0

2011/07/19 09:49:49.0578 4872 ================================================================================

2011/07/19 09:49:49.0578 4872 Scan finished

2011/07/19 09:49:49.0578 4872 ================================================================================

2011/07/19 09:49:49.0609 4864 Detected object count: 0

2011/07/19 09:49:49.0609 4864 Actual detected object count: 0


Hi

Step 1

Update MalwareBytes AntiMalware and Run a Quick Scan.

Post the log it produces

Step 2

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Things I would like to see in your reply:

  • Malwarebytes Results.
  • Eset scanner report.
  • Update on how your computer is running


Hi AliB,

I'm sorry, I don't think I ran the OTL Quick Scan after running the OTL fix scan. So here is that log:

OTL logfile created on: 7/19/2011 3:23:06 PM - Run 2

OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\Linda Lavin\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.23 Gb Available Physical Memory | 74.41% Memory free

5.85 Gb Paging File | 4.86 Gb Available in Paging File | 83.15% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.49 Gb Total Space | 411.15 Gb Free Space | 88.33% Space Free | Partition Type: NTFS

Drive F: | 298.09 Gb Total Space | 49.89 Gb Free Space | 16.74% Space Free | Partition Type: NTFS

Drive S: | 298.02 Gb Total Space | 156.81 Gb Free Space | 52.62% Space Free | Partition Type: FAT

Computer Name: LINDAHOME | User Name: Linda Lavin | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/18 22:18:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda Lavin\Desktop\OTL.scr

PRC - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe

PRC - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

PRC - [2011/04/25 20:27:44 | 000,733,576 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe

PRC - [2011/04/22 18:26:18 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe

PRC - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe

PRC - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe

PRC - [2011/03/04 12:01:01 | 001,143,944 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\FighterSuiteService.exe

PRC - [2011/03/04 12:00:41 | 000,214,664 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\SPAMfighter\sfus.exe

PRC - [2011/03/04 12:00:36 | 000,843,400 | ---- | M] (SPAMfighter ApS) -- C:\Program Files\Fighters\SPAMfighter\sfagent.exe

PRC - [2011/03/01 23:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

PRC - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe

PRC - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2010/08/22 12:56:05 | 000,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2010/05/14 11:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe

PRC - [2010/04/16 12:19:28 | 000,103,800 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynUpSvc.exe

PRC - [2010/04/15 15:32:14 | 000,091,504 | ---- | M] (Dynamic Network Services, Inc.) -- C:\Program Files\DynDNS Updater\DynTray.exe

PRC - [2010/04/01 14:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/03/02 12:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/02/24 11:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/01/14 23:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2009/10/20 21:12:04 | 001,712,128 | ---- | M] () -- c:\TAI\Basis\BASIS License Manager\basis.exe

PRC - [2009/10/20 21:12:04 | 001,500,424 | ---- | M] (Acresso Software Inc.) -- c:\TAI\Basis\BASIS License Manager\basis_lmgrd.exe

PRC - [2009/10/16 19:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe

PRC - [2009/10/16 19:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe

PRC - [2009/10/16 19:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe

PRC - [2009/10/16 19:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe

PRC - [2008/11/03 16:46:54 | 000,221,765 | ---- | M] (Aventail Corporation) -- C:\WINDOWS\SYSTEM32\ngvpnmgr.exe

PRC - [2008/08/11 12:41:00 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/09/19 04:33:46 | 000,282,624 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

PRC - [2007/09/05 14:06:56 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe

PRC - [2007/01/09 17:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE

PRC - [2007/01/09 17:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE

PRC - [2007/01/09 17:32:02 | 000,058,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE

PRC - [2005/12/12 16:03:54 | 000,417,855 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe

PRC - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe

PRC - [2005/12/08 18:12:08 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2005/05/28 09:06:18 | 000,819,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2004/08/30 23:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE

PRC - [2003/12/11 06:09:34 | 000,046,592 | R--- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\wdsvc.exe

PRC - [2003/11/12 13:46:34 | 000,049,152 | ---- | M] (Dantz Development Corporation) -- C:\Program Files\Dantz\Retrospect\retrorun.exe

PRC - [2003/10/31 11:01:00 | 000,106,496 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe

PRC - [2002/12/17 13:28:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe

PRC - [2002/08/14 19:22:52 | 000,028,672 | R--- | M] (Dell - Advanced Desktop Engineering) -- C:\WINDOWS\SYSTEM32\DSentry.exe

PRC - [2002/07/01 09:50:00 | 000,028,672 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE

========== Modules (SafeList) ==========

MOD - [2011/07/18 22:18:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda Lavin\Desktop\OTL.scr

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2002/07/01 09:50:00 | 000,024,576 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL

========== Win32 Services (SafeList) ==========

SRV - [2011/07/06 16:32:20 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)

SRV - [2011/07/06 16:32:14 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)

SRV - [2011/04/22 18:26:18 | 000,056,200 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup\bin\Agent.exe -- (EASEUS Agent)

SRV - [2011/04/01 05:11:52 | 000,428,640 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)

SRV - [2011/03/04 12:01:01 | 001,143,944 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Fighters\FighterSuiteService.exe -- (Suite Service)

SRV - [2011/03/04 12:00:41 | 000,214,664 | ---- | M] (SPAMfighter ApS) [Auto | Running] -- C:\Program Files\Fighters\SPAMfighter\sfus.exe -- (SPAMfighter Update Service)

SRV - [2010/11/08 13:04:18 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)

SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2010/04/16 12:19:28 | 000,103,800 | ---- | M] (Dynamic Network Services, Inc.) [Auto | Running] -- C:\Program Files\DynDNS Updater\DynUpSvc.exe -- (DynDNS Updater)

SRV - [2010/04/01 14:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/02/24 11:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2009/10/20 21:12:04 | 001,500,424 | ---- | M] (Acresso Software Inc.) [Auto | Running] -- c:\tai\basis\BASIS License Manager\basis_lmgrd.exe -- (basis_lmgrd)

SRV - [2009/10/20 14:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)

SRV - [2009/10/16 19:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)

SRV - [2008/11/03 16:46:54 | 000,221,765 | ---- | M] (Aventail Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ngvpnmgr.exe -- (NgVpnMgr)

SRV - [2007/01/09 17:32:04 | 000,181,864 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2007/01/09 17:32:04 | 000,079,464 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)

SRV - [2007/01/09 17:32:02 | 000,198,248 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2005/12/12 16:02:24 | 000,176,193 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)

SRV - [2005/12/08 18:12:08 | 002,041,536 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2005/12/08 18:12:08 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2005/05/28 09:06:18 | 000,819,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2004/08/30 23:52:10 | 000,095,328 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE -- (NProtectService)

SRV - [2004/08/30 23:50:38 | 000,181,416 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton SystemWorks\Norton Utilities\Speed Disk\NOPDB.exe -- (Speed Disk service)

SRV - [2003/12/11 06:09:34 | 000,046,592 | R--- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\wdsvc.exe -- (RetroWDSvc)

SRV - [2003/11/12 13:46:34 | 000,110,592 | ---- | M] (Dantz Development Corporation) [Auto | Stopped] -- C:\Program Files\Dantz\Retrospect\rthlpsvc.exe -- (Retrospect Helper)

SRV - [2003/11/12 13:46:34 | 000,049,152 | ---- | M] (Dantz Development Corporation) [Auto | Running] -- C:\Program Files\Dantz\Retrospect\retrorun.exe -- (RetroLauncher)

SRV - [2003/10/31 11:01:00 | 000,106,496 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)

SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)

========== Driver Services (SafeList) ==========

DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2011/07/06 16:32:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)

DRV - [2011/04/22 18:26:12 | 000,035,720 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)

DRV - [2011/04/22 18:26:08 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)

DRV - [2011/04/22 18:26:06 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\eudskacs.sys -- (EUDSKACS)

DRV - [2011/04/22 18:26:04 | 000,030,600 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)

DRV - [2011/04/22 18:26:02 | 000,187,528 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\eudisk.sys -- (EUDISK)

DRV - [2011/04/01 05:11:10 | 004,333,280 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvuvc.sys -- (LVUVC) Logitech Webcam C260(UVC)

DRV - [2011/04/01 05:09:48 | 000,291,424 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvrs.sys -- (LVRS)

DRV - [2010/11/20 15:06:35 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2010/11/20 15:06:35 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\tifsfilt.sys -- (tifsfilter)

DRV - [2010/11/20 15:06:26 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2010/11/20 15:06:20 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)

DRV - [2010/05/07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2010/03/01 11:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avipbb.sys -- (avipbb)

DRV - [2010/02/16 15:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\avgntflt.sys -- (avgntflt)

DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)

DRV - [2009/10/20 14:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\npf.sys -- (NPF)

DRV - [2009/05/11 13:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/05/11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssmdrv.sys -- (ssmdrv)

DRV - [2009/03/11 16:19:00 | 000,024,216 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ivusb.sys -- (ivusb)

DRV - [2009/02/26 02:29:58 | 001,142,272 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P17.sys -- (P17)

DRV - [2009/02/13 15:02:52 | 000,011,520 | R--- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wdcsam.sys -- (WDC_SAM)

DRV - [2008/11/03 16:46:14 | 000,023,192 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ngwfp.sys -- (NgWfp)

DRV - [2008/11/03 16:46:06 | 000,020,632 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\ngfilter.sys -- (NgFilter)

DRV - [2008/11/03 16:46:00 | 000,077,464 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ngvpn.sys -- (NgVpn)

DRV - [2008/11/03 16:44:36 | 000,025,240 | ---- | M] (Aventail Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\nglog.sys -- (NgLog)

DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMIRfsDriver.sys -- (LMIRfsDriver)

DRV - [2008/08/11 12:41:00 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)

DRV - [2007/04/12 09:10:26 | 000,164,608 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CT20XUT.DLL -- (CT20XUT.DLL)

DRV - [2007/04/12 09:10:26 | 000,066,816 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTHWIUT.DLL -- (CTHWIUT.DLL)

DRV - [2007/04/12 09:10:24 | 001,317,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEXFIFX.DLL -- (CTEXFIFX.DLL)

DRV - [2007/04/12 09:10:22 | 000,323,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEDSPSY.DLL -- (CTEDSPSY.DLL)

DRV - [2007/04/12 09:10:22 | 000,128,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEDSPIO.DLL -- (CTEDSPIO.DLL)

DRV - [2007/04/12 09:10:20 | 000,280,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEDSPFX.DLL -- (CTEDSPFX.DLL)

DRV - [2007/04/12 09:10:18 | 000,168,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\CTEAPSFX.DLL -- (CTEAPSFX.DLL)

DRV - [2007/02/02 03:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)

DRV - [2007/02/02 03:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)

DRV - [2006/09/15 22:52:12 | 000,124,016 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)

DRV - [2006/03/02 16:25:53 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys -- (CO_Mon)

DRV - [2005/05/28 09:06:19 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys -- (symlcbrd)

DRV - [2005/01/10 06:15:30 | 000,106,496 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)

DRV - [2005/01/10 06:15:24 | 000,138,752 | R--- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)

DRV - [2004/08/30 23:38:36 | 000,081,748 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\NPDRIVER.SYS -- (NPDriver)

DRV - [2004/08/30 23:23:22 | 000,090,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\SdDriver.SYS -- (SDdriver)

DRV - [2004/08/04 01:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)

DRV - [2004/08/04 01:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)

DRV - [2004/08/04 01:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)

DRV - [2004/08/04 01:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)

DRV - [2004/08/04 01:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)

DRV - [2004/08/04 01:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)

DRV - [2004/08/04 01:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)

DRV - [2004/08/04 01:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)

DRV - [2004/08/04 01:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)

DRV - [2004/08/04 01:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)

DRV - [2004/08/03 23:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)

DRV - [2004/06/26 13:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vnccom.SYS -- (vnccom)

DRV - [2004/06/26 13:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\vncdrv.sys -- (vncdrv)

DRV - [2003/10/23 10:32:20 | 000,016,984 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\AW_HOST5.sys -- (AW_HOST)

DRV - [2003/05/27 22:01:35 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)

DRV - [2003/05/27 22:01:35 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2k)

DRV - [2003/05/27 22:01:35 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)

DRV - [2003/05/27 22:01:35 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)

DRV - [2003/05/01 13:26:34 | 000,005,220 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\CVirtA.sys -- (CVirtA)

DRV - [2003/04/21 14:08:44 | 000,010,901 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)

DRV - [2003/04/21 13:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)

DRV - [2002/12/17 13:27:32 | 000,241,152 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)

DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)

DRV - [2002/08/14 15:03:36 | 000,017,005 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)

DRV - [2002/07/02 12:20:51 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LMouFlt2.sys -- (LMouFlt2)

DRV - [2002/07/02 12:20:51 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\LKbdFlt2.sys -- (LKbdFlt2)

DRV - [2002/07/02 12:20:50 | 000,050,830 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\L8042Pr2.sys -- (l8042pr2)

DRV - [2001/08/17 13:57:46 | 000,065,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\s3legacy.sys -- (s3legacy)

DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)

DRV - [2000/07/18 10:18:54 | 000,029,820 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\DLKRTS.sys -- (DLKRTS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"

FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - prefs.js..network.proxy.http: ""

FF - prefs.js..network.proxy.http_port: ""

FF - prefs.js..network.proxy.type: ""

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll File not found

FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Documents and Settings\Linda Lavin\Application Data\Facebook\npfbplugin_1_0_3.dll ( )

FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Documents and Settings\Linda Lavin\Application Data\nprhapengine.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/28 12:19:19 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/28 12:19:19 | 000,000,000 | ---D | M]

[2011/07/19 09:37:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions

[2005/02/05 15:09:55 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Linda Lavin\Application Data\Mozilla\Firefox\Profiles\j1fmdyvd.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2011/07/04 12:13:19 | 000,435,452 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 14987 more lines...

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [CTSysVol] C:\Program Files\RocketFish\RF5.1\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)

O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)

O4 - HKLM..\Run: [EaseUs Tray] C:\Program Files\EASEUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)

O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )

O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()

O4 - HKLM..\Run: [seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)

O4 - HKLM..\Run: [sfagent] C:\Program Files\Fighters\SPAMfighter\sfagent.exe (SPAMfighter ApS)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [setDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DynDNS Updater Tray Icon.lnk = C:\Program Files\DynDNS Updater\DynTray.exe (Dynamic Network Services, Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe (Logitech)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 0

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll (Google Inc.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKCU\..Trusted Domains: ([]msn in My Computer)

O15 - HKCU\..Trusted Domains: basis.com ([www] http in Trusted sites)

O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)

O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)

O15 - HKCU\..Trusted Domains: TAICONSULTING.COM ([WEB] https in Trusted sites)

O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)

O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)

O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://us.creative.com/support/downloads/su/ocx/12119/CTSUEng.cab (Creative Software AutoUpdate)

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab (LSSupCtl Class)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)

O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab (Reg Error: Key error.)

O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} http://i.dell.com/images/global/js/scanner/SysProExe.cab (Scanner.SysScanner)

O16 - DPF: {38F5F92F-BD40-40DF-A569-6C1FCB638190} http://www.powerleap.com/cab_files/InSPECS3_0.cab (InSPECS3_0 Control)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc.cab (Office Update Installation Engine)

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab (DLM Control)

O16 - DPF: {4EE301F2-2A6A-4BE0-9FBD-97CDAA40E3E4} http://i1img.com/images/nocache/copilot/i1initialsetup1.0.0.5.cab (Reg Error: Key error.)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1108092747750 (WUWebControl Class)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} http://cc.iwon.com/ct/pm3/iWonPMSetup_12_1,0,2,5.exe (Reg Error: Key error.)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://10.10.10.5/Remote/msrdp.cab (Microsoft RDP Client Control (redist))

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} http://u3.sandisk.com/download/apps/LPInstaller.CAB (CInstallLPCtrl Object)

O16 - DPF: {AA299E98-6FB5-409F-99D3-D30D749F4864} http://k.itswv.net/inc/kaxRemote.dll (kasRmtHlp Class)

O16 - DPF: {AB9820A0-02A9-11D5-A72F-004F4E002BD6} http://igweb04.iamgame.com/java2/cabs/swing.cab (JFC Classes)

O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Registry Information Class)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab (ActiveDataInfo Class)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} https://jackpotcity.microgaming.com/jackpotcity/FlashAX.cab (FlashXControl Object)

O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {E2F9D054-D2B5-4CE8-9BDF-8BF3A81DB7E9} http://download.microsoft.com/download/a/3/7/a377aea1-7b14-4fa1-933c-43e657b37995/ProductIDGatherer.CAB (ProductIDGatherer.WindowsGatherer)

O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab (ActiveDataObj Class)

O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?319 (QDiagHUpdateObj Class)

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://us.creative.com/support/downloads/su/ocx/12119/CTPID.cab (Reg Error: Key error.)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O16 - DPF: DirectAnimation Java Classes Reg Error: Value error. (Reg Error: Key error.)

O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Linda Lavin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Linda Lavin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/02/10 23:02:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2008/08/26 20:13:24 | 000,000,000 | ---D | M] - S:\autorun -- [ FAT ]

O32 - AutoRun File - [2008/02/25 11:30:42 | 000,000,054 | -H-- | M] () - S:\autorun.inf -- [ FAT ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/19 12:00:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2011/07/19 09:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Lavin\Desktop\tdsskiller

[2011/07/19 09:37:13 | 000,000,000 | ---D | C] -- C:\_OTL

[2011/07/18 22:18:55 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Linda Lavin\Desktop\OTL.scr

[2011/07/18 21:50:42 | 001,913,344 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Linda Lavin\Desktop\aswMBR.exe

[2011/07/09 21:18:08 | 000,000,000 | -HSD | C] -- C:\BOOT

[2011/07/09 21:18:00 | 000,187,528 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudisk.sys

[2011/07/09 21:18:00 | 000,020,744 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eufs.sys

[2011/07/09 21:18:00 | 000,014,216 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eudskacs.sys

[2011/07/09 21:17:59 | 000,030,600 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\drivers\eubakup.sys

[2011/07/09 21:17:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EASEUS Todo Backup 2.5.1

[2011/07/09 21:15:05 | 000,018,824 | ---- | C] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\System32\fbnative.exe

[2011/07/09 21:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS

[2011/07/07 20:34:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Lavin\My Documents\pool

[2011/07/06 16:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update

[2011/07/04 22:40:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax Business 2010

[2011/07/04 22:28:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TurboTax 2010

[2011/07/04 17:21:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TweakNow RegCleaner 2011

[2011/07/04 17:21:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Lavin\Application Data\TweakNow RegCleaner 2011

[2011/07/04 15:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wise PC Engineer

[2011/07/04 15:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Wise PC Engineer

[2011/07/03 17:33:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Linda Lavin\My Documents\virus_redirector07022011

[2011/07/03 17:18:19 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Linda Lavin\Recent

[2011/07/03 14:41:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/07/03 14:15:14 | 000,189,520 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2011/07/03 05:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2011/07/03 02:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner

[2009/06/23 12:49:14 | 000,065,536 | R--- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/19 15:20:29 | 000,021,970 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\My Documents\HOW TO DELETE EBATES.rtf

[2011/07/19 15:04:40 | 000,091,136 | ---- | M] () -- C:\WINDOWS\outlook.pst

[2011/07/19 14:58:32 | 000,002,525 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk

[2011/07/19 14:49:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2011/07/19 11:49:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2011/07/19 09:46:29 | 000,437,914 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT

[2011/07/19 09:46:29 | 000,069,834 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

[2011/07/19 09:44:28 | 000,127,141 | ---- | M] () -- C:\logfile

[2011/07/19 09:43:10 | 000,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2011/07/19 09:42:50 | 000,012,626 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL

[2011/07/19 09:41:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT

[2011/07/19 09:41:22 | 3220,246,528 | -HS- | M] () -- C:\hiberfil.sys

[2011/07/19 09:36:01 | 001,383,430 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Desktop\tdsskiller.zip

[2011/07/19 04:54:22 | 000,480,768 | -HS- | M] () -- C:\{DD97ED8E-4481-4949-B70B-04DEAA7EBFA1}.CBM

[2011/07/19 04:54:22 | 000,004,096 | -HS- | M] () -- C:\{463CF13E-9FCE-46E4-A2DF-EF5EE05AB18A}.CBM

[2011/07/19 04:00:04 | 000,477,184 | -HS- | M] () -- C:\EUMONBMP.SYS

[2011/07/19 01:00:02 | 000,000,326 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

[2011/07/19 00:00:00 | 000,000,320 | ---- | M] () -- C:\WINDOWS\tasks\Symantec Drmc.job

[2011/07/18 22:29:52 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Desktop\MBR.dat

[2011/07/18 22:18:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Linda Lavin\Desktop\OTL.scr

[2011/07/18 21:50:43 | 001,913,344 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Linda Lavin\Desktop\aswMBR.exe

[2011/07/18 15:03:23 | 000,001,584 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Desktop\6.3 T9.lnk

[2011/07/18 10:24:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2011/07/16 16:33:12 | 050,331,648 | ---- | M] () -- C:\WINDOWS\mailbox.pst

[2011/07/16 12:38:15 | 000,000,304 | ---- | M] () -- C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

[2011/07/16 11:11:51 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

[2011/07/15 15:43:52 | 000,004,696 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/07/11 21:47:45 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Desktop\Microsoft Word.lnk

[2011/07/10 19:25:01 | 000,000,448 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job

[2011/07/09 21:18:08 | 000,194,748 | -HS- | M] () -- C:\EASEUSLD.LDR

[2011/07/09 21:17:58 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Todo Backup Free 2.5.1.lnk

[2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2011/07/06 16:32:48 | 000,083,360 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIRfsClientNP.dll

[2011/07/06 16:32:28 | 000,087,424 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIinit.dll

[2011/07/06 16:32:28 | 000,029,568 | ---- | M] (LogMeIn, Inc.) -- C:\WINDOWS\System32\LMIport.dll

[2011/07/06 13:01:28 | 000,135,923 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\My Documents\WeaKnees_Invoice.pdf

[2011/07/06 11:50:57 | 000,000,981 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk

[2011/07/06 11:50:57 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Desktop\Spybot - Search & Destroy.lnk

[2011/07/04 22:40:02 | 000,001,884 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax Business 2010.lnk

[2011/07/04 22:28:39 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk

[2011/07/04 20:17:39 | 000,002,393 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Desktop\TurboTax 2009.lnk

[2011/07/04 12:13:19 | 000,435,452 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts

[2011/07/04 12:08:55 | 000,434,784 | R--- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.20110704-121319.backup

[2011/07/03 14:14:40 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\Linda Lavin\Local Settings\Application Data\housecall.guid.cache

[3 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/19 12:41:50 | 000,021,970 | ---- | C] () -- C:\Documents and Settings\Linda Lavin\My Documents\HOW TO DELETE EBATES.rtf

[2011/07/19 09:35:56 | 001,383,430 | ---- | C] () -- C:\Documents and Settings\Linda Lavin\Desktop\tdsskiller.zip

[2011/07/18 22:29:52 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Linda Lavin\Desktop\MBR.dat

[2011/07/14 04:52:19 | 000,480,768 | -HS- | C] () -- C:\{DD97ED8E-4481-4949-B70B-04DEAA7EBFA1}.CBM

[2011/07/09 22:53:13 | 000,004,096 | -HS- | C] () -- C:\{463CF13E-9FCE-46E4-A2DF-EF5EE05AB18A}.CBM

[2011/07/09 22:03:23 | 000,477,184 | -HS- | C] () -- C:\EUMONBMP.SYS

[2011/07/09 21:18:08 | 000,194,748 | -HS- | C] () -- C:\EASEUSLD.LDR

[2011/07/09 21:17:59 | 000,035,720 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys

[2011/07/09 21:17:58 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EASEUS Todo Backup Free 2.5.1.lnk

[2011/07/06 13:01:28 | 000,135,923 | ---- | C] () -- C:\Documents and Settings\Linda Lavin\My Documents\WeaKnees_Invoice.pdf

[2011/07/04 22:40:02 | 000,001,884 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax Business 2010.lnk

[2011/07/04 22:28:39 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2010.lnk

[2011/07/04 20:59:39 | 000,368,928 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/07/04 11:59:37 | 000,000,326 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job

[2011/07/04 11:51:25 | 000,000,306 | ---- | C] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job

[2011/07/03 17:21:25 | 3220,246,528 | -HS- | C] () -- C:\hiberfil.sys

[2011/07/03 14:14:40 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Linda Lavin\Local Settings\Application Data\housecall.guid.cache

[2011/05/01 18:53:41 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Linda Lavin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/04/03 12:53:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat

[2011/03/22 23:58:22 | 000,014,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll

[2011/03/06 13:45:18 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\P17CPI.dll

[2011/03/06 13:45:17 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\P17.dll

[2010/11/09 22:45:32 | 000,102,744 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe

[2010/11/09 22:45:30 | 010,877,272 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll

[2010/11/09 22:45:20 | 000,331,608 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll

[2010/11/09 22:31:42 | 000,027,872 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2010/07/31 15:20:58 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\jsound.dll

[2010/07/31 15:20:58 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\jmmpa.dll

[2010/07/31 15:20:58 | 000,282,624 | ---- | C] () -- C:\WINDOWS\System32\jmh261.dll

[2010/07/31 15:20:58 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jmvh263.dll

[2010/07/31 15:20:58 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\jmjpeg.dll

[2010/07/31 15:20:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\jmh263enc.dll

[2010/07/31 15:20:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\jmmpegv.dll

[2010/07/31 15:20:58 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\jmutil.dll

[2010/07/31 15:20:58 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\jmgsm.dll

[2010/07/31 15:20:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\jmvfw.dll

[2010/07/31 15:20:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmvcm.dll

[2010/07/31 15:20:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\jmgdi.dll

[2010/07/31 15:20:58 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmmci.dll

[2010/07/31 15:20:57 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\jmg723.dll

[2010/07/31 15:20:57 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\jmam.dll

[2010/07/31 15:20:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmcvid.dll

[2010/07/31 15:20:57 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\jmacm.dll

[2010/07/31 15:20:57 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\jmdaud.dll

[2010/07/31 15:20:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmfjawt.dll

[2010/07/31 15:20:57 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\jmddraw.dll

[2010/07/31 15:20:57 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\jmdaudc.dll

[2010/06/26 11:54:04 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini

[2010/05/07 18:43:30 | 000,025,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2010/04/28 12:15:41 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat

[2010/04/17 15:46:25 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2010/04/17 15:46:24 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2010/04/17 15:46:24 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2010/04/17 15:46:23 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2010/04/17 15:46:22 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2010/04/17 15:46:22 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2010/04/17 15:46:21 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2010/04/17 15:46:20 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2010/03/09 13:26:29 | 008,892,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\atscie.msi

[2010/01/16 16:21:00 | 000,208,951 | ---- | C] () -- C:\WINDOWS\hpoins35.dat

[2010/01/16 16:21:00 | 000,001,069 | ---- | C] () -- C:\WINDOWS\hpomdl35.dat

[2010/01/03 18:22:44 | 000,067,480 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

[2009/10/20 14:19:30 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2009/10/07 15:43:41 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2009/08/17 23:14:07 | 000,005,663 | ---- | C] () -- C:\WINDOWS\System32\Ludap17.ini

[2009/06/23 12:28:48 | 000,386,852 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat

[2008/11/03 16:48:40 | 000,117,831 | ---- | C] () -- C:\WINDOWS\ngmsi.dll

[2008/11/03 16:47:40 | 000,008,263 | ---- | C] () -- C:\WINDOWS\ngutil.exe

[2008/08/02 13:13:59 | 000,000,890 | ---- | C] () -- C:\WINDOWS\dellstat.ini

[2008/07/25 12:50:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icverify.INI

[2008/05/18 15:14:03 | 000,014,290 | ---- | C] () -- C:\Program Files\settings.dat

[2008/05/18 15:13:42 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/10/11 21:44:22 | 000,000,305 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\addr_file.html

[2007/06/06 10:10:21 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll

[2007/04/12 09:10:28 | 000,105,728 | ---- | C] () -- C:\WINDOWS\System32\APOMgrH.dll

[2006/10/12 17:18:56 | 000,462,848 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll

[2006/03/04 14:42:14 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/03/02 16:25:53 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\drivers\CO_Mon.sys

[2005/11/26 12:42:48 | 000,000,800 | ---- | C] () -- C:\WINDOWS\unins001.dat

[2005/03/25 20:07:01 | 000,000,048 | ---- | C] () -- C:\WINDOWS\PerWin.ini

[2005/02/05 15:09:18 | 000,002,650 | ---- | C] () -- C:\WINDOWS\mozver.dat

[2004/10/02 13:08:57 | 000,000,547 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2004/09/30 12:16:42 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\MACHNM1.EXE

[2004/08/29 10:03:23 | 000,000,327 | ---- | C] () -- C:\WINDOWS\alchem.ini

[2004/08/29 10:02:36 | 000,000,045 | ---- | C] () -- C:\WINDOWS\BKGKFLKQ.ini

[2004/08/26 11:41:27 | 000,000,385 | ---- | C] () -- C:\WINDOWS\IQW.ini

[2004/08/12 09:36:06 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/12 09:36:06 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/12 09:28:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/12 09:26:08 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/12 09:26:06 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/12 09:22:08 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/12 09:22:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/12 09:18:55 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/12 09:18:32 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/03 20:56:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/05/17 20:06:28 | 000,127,042 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll

[2004/01/29 12:12:58 | 000,027,216 | ---- | C] () -- C:\Documents and Settings\Linda Lavin\Application Data\Personal Address Book.ADR

[2004/01/25 20:27:30 | 000,043,492 | ---- | C] () -- C:\WINDOWS\System32\e10kxwdm.ini

[2004/01/25 14:49:11 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE

[2003/11/25 14:27:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icvtran.INI

[2003/11/03 21:29:38 | 000,000,123 | ---- | C] () -- C:\WINDOWS\entpack.ini

[2003/10/29 16:22:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2003/10/13 19:58:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\RussSqr.INI

[2003/06/18 09:06:40 | 000,001,953 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2003/06/08 17:08:41 | 000,001,015 | ---- | C] () -- C:\WINDOWS\Pkzipw.INI

[2003/06/07 09:15:18 | 000,000,774 | ---- | C] () -- C:\WINDOWS\PowerReg.dat

[2003/06/06 16:24:01 | 000,000,160 | ---- | C] () -- C:\WINDOWS\icsetup.INI

[2003/06/03 20:46:16 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat

[2003/06/01 15:05:44 | 000,081,920 | R--- | C] () -- C:\WINDOWS\bwUnin-6.1.4.36-8876480L.exe

[2003/06/01 15:03:41 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL

[2003/06/01 09:21:51 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat

[2003/06/01 08:48:00 | 000,000,424 | ---- | C] () -- C:\WINDOWS\VTruck1.ini

[2003/05/31 21:43:45 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\InstallDriver.exe

[2003/05/27 22:05:03 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/05/27 22:00:18 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2003/05/27 21:53:12 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat

[2003/05/27 21:52:40 | 000,000,011 | ---- | C] () -- C:\WINDOWS\SBWIN.INI

[2003/05/27 21:48:37 | 000,000,900 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2003/05/27 21:39:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT

[2003/05/27 21:37:26 | 000,437,914 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT

[2003/05/27 21:37:26 | 000,069,834 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT

[2003/05/27 21:23:10 | 000,000,477 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2002/09/09 19:40:56 | 000,329,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2002/09/09 19:39:32 | 000,000,895 | ---- | C] () -- C:\WINDOWS\LRUN32.INI

[2002/09/09 19:37:54 | 000,000,655 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2002/09/03 14:35:18 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2002/09/03 14:31:48 | 000,023,348 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT

[2002/03/14 14:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe

[2001/03/14 13:42:55 | 000,001,304 | ---- | C] () -- C:\WINDOWS\extend.dat

[2000/02/08 03:05:36 | 000,110,080 | R--- | C] () -- C:\WINDOWS\System32\W32MKRC.DLL

[2000/02/08 03:05:34 | 000,320,512 | R--- | C] () -- C:\WINDOWS\System32\W32MKDE.EXE

[2000/02/08 03:05:34 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\NWLOCALE.DLL

[1998/08/16 07:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

[1998/05/28 18:16:39 | 000,009,728 | ---- | C] () -- C:\WINDOWS\VIEWS.DAT

========== LOP Check ==========

[2010/04/17 17:32:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis

[2009/08/02 10:24:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail

[2008/08/02 13:21:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2007/06/06 10:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA

[2006/10/22 15:01:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/11/03 11:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Toolkit Suite

[2009/12/27 18:27:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DynDNS

[2010/11/03 11:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fighters

[2011/07/19 09:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn

[2011/07/18 23:43:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Retrospect

[2010/11/20 13:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate

[2011/07/03 12:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft

[2007/02/02 18:54:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TurboTax 2006

[2011/06/11 00:02:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\U-Verse Realtime

[2010/04/18 19:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital

[2011/05/25 19:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip

[2009/10/17 12:13:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Analysis Lotto

[2009/08/02 10:25:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Aventail

[2010/11/03 11:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Common Toolkit Suite

[2010/01/30 15:32:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Costco Photo Viewer US

[2010/04/27 19:12:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Facebook

[2010/11/03 11:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Fighters

[2009/12/25 17:14:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\GARMIN

[2005/11/06 14:23:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Kana Solution

[2011/04/03 11:32:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Leadertech

[2010/01/10 13:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Musicmatch

[2004/10/01 19:21:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\SLAutoSave

[2007/06/27 08:46:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\SPAMfighter

[2003/06/06 21:34:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\The Labyrinth Plus! Edition

[2011/07/04 17:20:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\TweakNow RegCleaner

[2011/07/04 17:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\TweakNow RegCleaner 2011

[2007/09/15 20:46:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Viewpoint

[2010/02/23 15:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\VirtualStore

[2010/04/18 20:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Linda Lavin\Application Data\Western DigitalTemp

[2011/07/10 19:25:01 | 000,000,448 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job

========== Purity Check ==========

< End of report >


Hi AliB,

Here are the MBAM and ESET logs.

They both came out clean, yeah!

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7201

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

7/19/2011 11:44:52 AM

mbam-log-2011-07-19 (11-44-52).txt

Scan type: Quick scan

Objects scanned: 198966

Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 1

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} (Adware.EBates) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

*******************

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=5c6d7ee86def85408c6b2d623ac71535

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-19 06:25:32

# local_time=2011-07-19 02:25:32 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1797 16775125 100 93 0 46681430 0 0

# compatibility_mode=3585 16777213 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 451541 451541 0 0

# scanned=176936

# found=0

# cleaned=0

# scan_time=8292

Computer seems to be running fine, although it seemed to be running fine before except for the ! on partmgr on some of my reboots. I have not rebooted since running the OTL "fix" scan to see if the ! on partmgr comes back but right now it's not there.

Can you tell me what I can do about the Ebates BHO that keeps showing up in the MBAM scans? I have searched online and from what I found, I don't have any programs that I can uninstall to get rid of it. But it does show up in IE7 under Add-ons. All I found was to remove some registry entries.

Thank you so much for your help.

Alice


hi

Ebates should no longer show up in the MBAM scan.

Congratulations your logs appear clean :thumbsup:

Reset and Re-enable your System Restore

  • Open OTL
  • Under the Custom Scans/Fixes box at the bottom, paste the following:
    :Commands
    [clearallrestorepoints]
    [createrestorepoint]


  • Click the Run Fix button at the top
  • It might ask you to reboot, if so click YES

NEXT

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator")
  • Click on the CleanUp button.
  • Click Yes to begin the cleanup process and remove tools, including this application
  • You may be asked to reboot the machine to finish the cleanup process - if so, choose Yes

Recommendations

See Here for a list of recommendations for free Antivirus\AntiSpyware applications.

  • Keep Your windows up to date by regularly checking their website at:
    http://windowsupdate.microsoft.com/
  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.

    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Click Here to learn how to keep a backup of your important files
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.

Stay safe :wave:

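The HOSTS-file recommendation in the post above works because a name mapped to 127.0.0.1 never leaves the machine; the same mechanism becomes a redirect when a name is mapped to any other address. The following is an added example, not part of the original thread or of any tool named in it: a small audit that separates blocking entries from redirecting ones. The sample file content, the host names and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the machine in this thread).
# 203.0.113.10 is a documentation-only address used as a stand-in.
SAMPLE_HOSTS = """\
# blocklist-style entries
127.0.0.1       localhost
127.0.0.1       ads.example.com   # blocked
0.0.0.0         tracker.example.net
::1             localhost
203.0.113.10    search.example.com
203.0.113.10    search.example.org www.example.org
not-an-ip       broken.example.com
"""

# Names that are expected to point at the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Yield (line number, address field, [lower-cased host names]) per entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        fields = line.split()
        yield lineno, fields[0], [h.lower() for h in fields[1:]]


def classify(address, names):
    """Return 'local', 'blocked', 'redirect' or 'malformed' for one entry."""
    if not names:
        return "malformed"
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "malformed"
    if ip.is_loopback or ip.is_unspecified:
        # Sinkholed: the name resolves to this machine or to nowhere.
        if all(n in LOCAL_NAMES for n in names):
            return "local"
        return "blocked"
    # Any other address overrides DNS for these names: review every one.
    return "redirect"


def audit_hosts(text):
    """Group every entry of a hosts file by classification."""
    report = {"local": [], "blocked": [], "redirect": [], "malformed": []}
    for lineno, address, names in parse_hosts(text):
        report[classify(address, names)].append((lineno, address, names))
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    for kind in ("redirect", "malformed"):
        for lineno, address, names in result[kind]:
            print(f"{kind:9} line {lineno}: {address} -> {', '.join(names)}")
    print(f"{len(result['blocked'])} blocking entries, "
          f"{len(result['local'])} local entries")
```

On a large blocklist-style file, the useful output is the short "redirect" and "malformed" lists, since those are the entries a blocklist should never contain.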

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
