  #16  
March 30th, 2012, 05:44 AM
mac1981
Senior Member
 
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 227
1st Report pt. 1

OTL logfile created on: 3/29/2012 11:34:59 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\winter baby\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 35.76% Memory free
6.18 Gb Paging File | 3.91 Gb Available in Paging File | 63.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.79 Gb Total Space | 199.62 Gb Free Space | 69.85% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.63 Gb Free Space | 37.20% Space Free | Partition Type: NTFS

Computer Name: HOMELAPTOP | User Name: winter baby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/29 14:38:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\winter baby\Downloads\OTL.exe
PRC - [2012/03/27 17:10:29 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/03/15 23:51:33 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
PRC - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2011/09/09 09:00:26 | 000,315,392 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\Common Files\Motive\McciServiceHost.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/06/20 09:45:18 | 002,728,960 | ---- | M] (Eastman Kodak Company) -- C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
PRC - [2010/07/27 05:15:50 | 001,573,888 | ---- | M] (Alcatel-Lucent) -- C:\Program Files\ATT-SST\McciTrayApp.exe
PRC - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/07/21 16:06:26 | 000,554,224 | ---- | M] (Dell Inc.) -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
PRC - [2009/07/21 16:06:26 | 000,189,680 | ---- | M] (SingleClick Systems) -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
PRC - [2009/06/10 23:23:46 | 005,730,304 | ---- | M] () -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/23 23:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/31 12:02:04 | 001,519,168 | ---- | M] (UltraVNC) -- C:\ProgramData\UltraVNC\winvnc.exe
PRC - [2008/05/04 04:25:32 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/05/04 04:25:26 | 000,167,936 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/05/04 04:25:26 | 000,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/05/04 04:25:26 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/03/04 00:05:24 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe
PRC - [2007/12/21 11:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe
PRC - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/03/21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
PRC - [2006/11/03 17:07:04 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
PRC - [2006/11/03 17:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/28 22:03:35 | 008,797,344 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012/03/27 17:10:28 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/19 22:22:08 | 015,880,192 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MenuSkinning\804db0b1a4a794c50de31b7e75b87002\MenuSkinning.ni.dll
MOD - [2012/02/19 22:21:50 | 000,284,160 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\72484bd8d55844dacf8d07caea40e970\VistaBridgeLibrary.ni.dll
MOD - [2012/02/19 22:21:47 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll
MOD - [2012/02/19 22:21:46 | 002,500,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\DellDock\011c5884292f17ccc41938faf0924f36\DellDock.ni.exe
MOD - [2012/02/19 22:21:44 | 000,274,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\MyDock.Util\ec99bd7ff450a7b733c555da6ea93490\MyDock.Util.ni.dll
MOD - [2012/02/19 22:21:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012/02/19 22:21:32 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll
MOD - [2012/02/19 22:21:23 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\53aa60efa39e2d946fc3d0b5ee772e1d\System.Web.Services.ni.dll
MOD - [2012/02/19 22:21:10 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012/02/19 09:46:52 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012/02/19 09:46:20 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012/02/19 09:46:05 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012/02/19 09:45:37 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll
MOD - [2012/02/19 09:45:26 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\bc01d91f95947c7f25f3ae4e16db2cb5\System.Core.ni.dll
MOD - [2012/02/19 09:45:20 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012/02/19 09:45:18 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\56df3488472318c59d0a08ed10a065d3\PresentationFramework.ni.dll
MOD - [2012/02/19 09:44:33 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3951e0a359c004cd6ba268ff78ac62aa\PresentationCore.ni.dll
MOD - [2012/02/19 09:44:08 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012/02/19 09:43:51 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011/10/13 19:06:32 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011/10/13 18:15:56 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2009/11/13 17:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
MOD - [2009/11/13 17:15:00 | 000,275,696 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.dll
MOD - [2009/11/13 17:15:00 | 000,152,816 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbShared.XmlSerializers.dll
MOD - [2009/11/13 17:15:00 | 000,095,472 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\SdbUI.dll
MOD - [2009/11/13 17:15:00 | 000,017,648 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\CppUtils.dll
MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/10/03 11:18:00 | 000,058,608 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\BalloonWindow.dll
MOD - [2008/07/03 08:42:04 | 000,055,808 | ---- | M] () -- C:\Windows\System32\bcmwlrmt.dll
MOD - [2007/01/12 11:57:28 | 000,292,336 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
MOD - [2006/11/03 17:04:46 | 000,304,008 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
MOD - [2006/09/06 05:13:14 | 000,073,728 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\DLCXcfg.dll
MOD - [2006/08/08 14:54:18 | 000,278,528 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll
MOD - [2006/03/14 16:38:24 | 000,143,360 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Users\WINTER~1\AppData\Local\Temp\028242~1.EXE -- (0282421333073463mcinstcleanup) McAfee Application Installer Cleanup (0282421333073463)
SRV - [2012/03/28 22:03:35 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/15 23:51:33 | 000,058,288 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\Windows\System32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)
SRV - [2011/11/12 12:21:58 | 006,141,792 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2011/09/09 09:00:26 | 000,315,392 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/07/21 16:06:26 | 000,554,224 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)
SRV - [2009/07/21 16:06:26 | 000,189,680 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe -- (dsl-fs-sync)
SRV - [2009/06/10 23:23:46 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe -- (dsl-db)
SRV - [2008/12/10 00:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\Program Files\Common Files\Dell\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008/08/31 12:02:04 | 001,519,168 | ---- | M] (UltraVNC) [Auto | Running] -- C:\ProgramData\UltraVNC\winvnc.exe -- (uvnc_service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/12 06:07:20 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/11/12 06:07:16 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)
SRV - [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/11/03 17:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS -- (MRESP50a64)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS -- (MREMPR5)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS -- (MREMP50a64)
DRV - File not found [Kernel | System | Stopped] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6DCC4004-A756-479F-8CF0-86653B93442A}\MpKsl35a74887.sys -- (MpKsl35a74887)
DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/03/22 14:02:05 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\DellBIOS.Sys -- (DellBIOS)
DRV - [2011/11/12 12:18:10 | 000,033,792 | ---- | M] (Belcarra Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btblan.sys -- (Leapfrog-USBLAN)
DRV - [2010/04/26 21:25:20 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/04/26 21:25:20 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV - [2010/04/26 21:25:20 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV - [2010/04/26 21:25:20 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2009/06/10 16:21:26 | 000,027,472 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)
DRV - [2008/12/09 10:59:30 | 000,020,392 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\elrawdsk.sys -- (ElRawDisk)
DRV - [2008/09/23 09:45:32 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/09/23 09:45:31 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/07/03 08:41:54 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008/06/23 07:45:44 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/05/04 04:25:24 | 000,164,400 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/03/06 02:58:44 | 000,111,616 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/03/04 00:05:34 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2008/03/04 00:05:18 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2008/01/20 21:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/11/12 06:07:28 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/09/06 11:35:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/09/06 11:35:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/09/06 11:35:12 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/27 19:27:16 | 000,351,232 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
IE - HKLM\..\SearchScopes,DefaultScope = {56256A51-B582-467e-B8D4-7786EDA79AE0}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUxdm265YDUS&fl=0&ptb=uxKD1elEa.NhuVmlTQ6eAQ&url=http://search.mywebsearch.com/mywebsearch/GGmain.jhtml&st=sb&searchfor={searchTerms}&si=5222&n=77cf8b53
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {620D322B-DA17-4909-87F6-72F1A4345B24}
IE - HKCU\..\SearchScopes\{620D322B-DA17-4909-87F6-72F1A4345B24}: "URL" = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DKUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{AED66147-715A-4004-AF2D-C1EB4538CB46}: "URL" = http://search.yahoo.com/search?p={searchterms}&ei=UTF-8&fr=w3i&type=W3i_DS,105,0_0,Search,20090416,0,0,0,0
IE - HKCU\..\SearchScopes\{FE4C2C37-EDC8-4C00-B864-3C38CF3BA834}: "URL" = http://search.wish-search.com/?sid=20101014100&s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com; <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.att.net/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="
FF - prefs.js..network.proxy.no_proxies_on: "64.136.44.66,64.136.52.66,64.136.52.70,searchap.untd.com,127.0.0.1,localhost,*microsoft.com,*windowsupdate.com,*wustat.windows.com,*.pogo.com,*test-speed.com,liveupdate.symantecliveupdate.com,*symantec.com,*.nai.com,*.networkassociates.com,*.dir.untd.com,cf.netzero.net,qs.netzero.net,*.aolcdn.com, localhost,127.0.0.1"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nosltd.com/getPlus+(R),version=1.6.2.103: C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF - HKLM\Software\MozillaPlugins\@realarcade.com/RAClient: C:\ProgramData\RealArcade\npraclient.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\winter baby\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\winter baby\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/13 17:46:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/27 17:10:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/15 20:50:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/04/13 17:46:16 | 000,000,000 | ---D | M]

[2011/10/03 22:44:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\winter baby\AppData\Roaming\Mozilla\Extensions
[2012/03/26 16:29:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\winter baby\AppData\Roaming\Mozilla\Firefox\Profiles\bvfdr2vc.default\extensions
[2012/03/25 23:05:12 | 000,000,000 | ---D | M] (ShopToWin19) -- C:\Users\winter baby\AppData\Roaming\Mozilla\Firefox\Profiles\bvfdr2vc.default\extensions\{1c772e68-28fd-41cd-91d4-ac0895836c70}
[2011/11/10 23:33:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/03/27 17:10:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/04/14 14:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mozilla firefox\components\Scriptff.dll
[2009/03/30 18:13:54 | 000,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2012/02/01 11:07:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/10/05 21:08:04 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2012/02/01 11:07:54 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.77\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\winter baby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealArcade NPAPI Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npraclient.dll
CHR - plugin: getPlusPlus for Adobe 162103 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\winter baby\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\winter baby\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\winter baby\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\winter baby\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: SiteAdvisor = C:\Users\winter baby\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\
CHR - Extension: Gmail = C:\Users\winter baby\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2008/12/19 23:00:13 | 000,000,781 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (no name) - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [(default)] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell PC TuneUp Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe" File not found
O4 - HKLM..\Run: [dlcxmon.exe] C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe ()
O4 - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Dell PC Fax\fm3032.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 926\memcard.exe ()
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - Startup: C:\Users\winter baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: netzero.net ([]* in Trusted sites)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/noc...tup1.0.1.1.cab (Reg Error: Key error.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/S...in/AvSniff.cab (Reg Error: Key error.)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/S.../bin/cabsa.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (Reg Error: Key error.)
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} http://support.microsoft.com/mats/DiagWebControl.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games...ploader_v6.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://jport.uscourts.gov/dana-cach...etupClient.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A825FF9-F9A0-4939-8BE3-236C814F597B}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EFDC805A-A14B-4178-B541-C25851991440}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\winter baby\Downloads\1011112046b.jpg
O24 - Desktop BackupWallPaper: C:\Users\winter baby\Downloads\1011112046b.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O33 - MountPoints2\{a0c374fd-91db-11e0-be72-0023ae0d6854}\Shell - "" = AutoRun
O33 - MountPoints2\{a0c374fd-91db-11e0-be72-0023ae0d6854}\Shell\AutoRun\command - "" = G:\TLBootstrap_WPP.exe
O33 - MountPoints2\{c9df76e8-3227-11e1-9c73-0023ae0d6854}\Shell - "" = AutoRun
O33 - MountPoints2\{c9df76e8-3227-11e1-9c73-0023ae0d6854}\Shell\AutoRun\command - "" = F:\TL_Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2012/03/29 21:08:01 | 000,000,000 | ---D | C] -- C:\CAT-Logs
[2012/03/28 22:03:35 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/03/25 23:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012/03/25 23:01:15 | 000,000,000 | ---D | C] -- C:\Users\winter baby\AppData\Local\Babylon
[2012/03/25 23:01:14 | 000,000,000 | ---D | C] -- C:\Users\winter baby\AppData\Roaming\Babylon
[2012/03/25 23:01:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012/03/25 23:01:05 | 000,000,000 | ---D | C] -- C:\Users\winter baby\Documents\ShopToWin
[2012/03/25 22:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012/03/23 22:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\ReImageCompanion
[2012/03/22 13:44:17 | 000,000,000 | ---D | C] -- C:\Intel
[2012/03/22 10:41:01 | 000,000,000 | ---D | C] -- C:\Users\winter baby\Documents\Windows7_Vista_jcgriff2
[2012/03/22 10:39:46 | 000,638,784 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Users\winter baby\Documents\autoruns.exe
[2012/03/21 22:03:20 | 000,000,000 | ---D | C] -- C:\Users\winter baby\AppData\Roaming\Template
[2012/03/18 21:22:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/03/18 21:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/03/18 15:16:03 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/03/16 21:55:54 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/13 15:15:28 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/03/13 15:15:26 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012/03/13 15:15:26 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/03/13 15:15:26 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012/03/13 15:15:26 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012/03/13 15:15:26 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012/03/13 15:14:56 | 000,613,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpencom.dll
[2012/03/12 21:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/03/12 21:18:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/03/12 21:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2012/03/08 18:55:37 | 000,000,000 | ---D | C] -- C:\Users\winter baby\AppData\Local\Eastman_Kodak_Company
[2012/03/08 18:54:01 | 000,000,000 | ---D | C] -- C:\Users\winter baby\AppData\Local\Eastman Kodak Company
[2012/03/08 18:52:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\kodak
[2012/03/08 18:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Kodak
[2012/03/08 18:45:35 | 000,000,000 | ---D | C] -- C:\Users\winter baby\AppData\Roaming\Temp
[2012/03/08 18:45:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kodak
[2010/10/05 00:05:33 | 000,456,184 | ---- | C] (MyWebSearch.com) -- C:\Program Files\Uninstall Fun Web Products.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/29 23:33:23 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2349259064-3804554855-2337022464-1000UA.job
[2012/03/29 23:32:01 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/03/29 23:24:10 | 000,607,406 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/03/29 23:24:10 | 000,105,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/03/29 23:17:47 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.exe
[2012/03/29 23:17:45 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.dll
[2012/03/29 23:17:37 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/29 23:17:37 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/29 23:17:36 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2012/03/29 23:17:36 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2012/03/29 23:17:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/29 23:17:11 | 3210,784,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/29 22:31:39 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/03/29 22:22:44 | 000,017,408 | ---- | M] () -- C:\Windows\System32\rpcnetp.dll
[2012/03/29 00:06:56 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/03/29 00:06:56 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/03/29 00:04:13 | 000,607,260 | ---- | M] () -- C:\Users\winter baby\Desktop\dds(1).scr
[2012/03/28 22:03:36 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/28 22:03:35 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/03/28 22:03:35 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/03/27 20:34:16 | 000,006,648 | ---- | M] () -- C:\Users\winter baby\AppData\Local\d3d9caps.dat
[2012/03/25 23:01:23 | 000,000,237 | ---- | M] () -- C:\user.js
[2012/03/25 22:49:22 | 000,000,272 | ---- | M] () -- C:\Windows\tasks\WebReg HP Deskjet F4400 series.job
[2012/03/25 20:11:38 | 250,792,252 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/23 22:30:17 | 000,000,286 | ---- | M] () -- C:\Windows\reimage.ini
[2012/03/22 14:02:05 | 000,007,168 | ---- | M] () -- C:\Windows\DellBIOS.Sys
[2012/03/22 11:09:16 | 001,939,625 | ---- | M] () -- C:\Users\winter baby\Documents\Windows7_Vista_jcgriff2.zip
[2012/03/22 10:36:11 | 000,055,296 | ---- | M] () -- C:\Users\winter baby\Documents\BSOD_Windows7_Vista_v2.64_jcgriff2_.exe
[2012/03/22 10:35:37 | 000,638,784 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Users\winter baby\Documents\autoruns.exe
[2012/03/21 22:03:21 | 000,000,134 | ---- | M] () -- C:\Users\winter baby\AppData\Roaming\wklnhst.dat
[2012/03/15 23:51:33 | 000,058,288 | ---- | M] (Absolute Software Corp.) -- C:\Windows\System32\rpcnet.exe
[2012/03/15 20:30:00 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2349259064-3804554855-2337022464-1000Core.job
[2012/03/13 23:08:08 | 000,383,088 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/12 21:18:25 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]


  #17  
Old March 30th, 2012, 05:45 AM
mac1981 mac1981 is offline
Senior Member
 
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 227
1st Report pt. 2

========== Files Created - No Company Name ==========

[2012/03/29 22:32:38 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2012/03/29 22:20:16 | 3210,784,768 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/29 00:06:56 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/03/29 00:06:56 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/03/29 00:04:13 | 000,607,260 | ---- | C] () -- C:\Users\winter baby\Desktop\dds(1).scr
[2012/03/28 22:03:36 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/03/25 23:01:23 | 000,000,237 | ---- | C] () -- C:\user.js
[2012/03/25 22:49:22 | 000,000,272 | ---- | C] () -- C:\Windows\tasks\WebReg HP Deskjet F4400 series.job
[2012/03/23 22:30:02 | 000,000,286 | ---- | C] () -- C:\Windows\reimage.ini
[2012/03/22 14:02:05 | 000,007,168 | ---- | C] () -- C:\Windows\DellBIOS.Sys
[2012/03/22 11:08:11 | 001,939,625 | ---- | C] () -- C:\Users\winter baby\Documents\Windows7_Vista_jcgriff2.zip
[2012/03/22 10:39:52 | 000,055,296 | ---- | C] () -- C:\Users\winter baby\Documents\BSOD_Windows7_Vista_v2.64_jcgriff2_.exe
[2012/03/21 23:22:53 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2012/03/21 23:22:53 | 000,001,815 | ---- | C] () -- C:\Users\winter baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
[2012/03/21 23:22:53 | 000,001,748 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
[2012/03/21 22:03:19 | 000,000,134 | ---- | C] () -- C:\Users\winter baby\AppData\Roaming\wklnhst.dat
[2012/03/19 18:04:42 | 250,792,252 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/12 21:18:25 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2012/01/02 15:09:35 | 000,000,581 | ---- | C] () -- C:\Users\winter baby\AppData\Local\cookies.ini
[2011/07/25 23:13:53 | 000,000,413 | ---- | C] () -- C:\Users\winter baby\AppData\Local\RAExpertHistory.xml
[2011/07/25 23:04:03 | 000,000,179 | ---- | C] () -- C:\Users\winter baby\AppData\Local\rahistory.xml
[2011/07/16 23:05:10 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2011/07/16 23:04:30 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010/10/29 18:20:43 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2010/10/29 18:16:31 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2010/10/29 18:16:31 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2010/10/29 18:16:31 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2010/10/29 18:16:30 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2010/10/29 18:16:30 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2010/10/29 18:16:30 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2010/10/29 18:16:29 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2010/10/29 18:16:29 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2010/10/29 18:16:28 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2010/10/29 18:16:28 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2010/10/29 18:16:28 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2010/10/29 18:16:27 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2010/10/29 18:16:27 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2010/10/29 18:16:27 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2010/10/29 18:16:27 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2010/10/29 18:16:26 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2010/10/29 18:16:25 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2010/10/29 18:16:24 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2010/10/29 18:16:24 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2010/10/29 18:16:24 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2010/10/29 18:16:23 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2010/10/29 18:16:23 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2010/10/29 18:16:22 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2010/04/13 17:32:53 | 000,168,059 | ---- | C] () -- C:\Windows\hpoins37.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:5D432CE3

< End of report >
  #18  
Old March 30th, 2012, 05:45 AM
mac1981 mac1981 is offline
Senior Member
 
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 227
2nd Report

OTL Extras logfile created on: 3/29/2012 11:34:59 PM - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\winter baby\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 1.07 Gb Available Physical Memory | 35.76% Memory free
6.18 Gb Paging File | 3.91 Gb Available in Paging File | 63.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.79 Gb Total Space | 199.62 Gb Free Space | 69.85% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 3.63 Gb Free Space | 37.20% Space Free | Partition Type: NTFS

Computer Name: HOMELAPTOP | User Name: winter baby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0494E644-4C06-4B8D-9EAF-C575679D65BA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{1EC520F8-BD15-4D74-A8EC-08713A35937C}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{26804AB1-F18E-4F7C-8474-250CB131196C}" = lport=5900 | protocol=6 | dir=in | name=ultravnc server |
"{2D16343F-8AE4-4921-8775-F25A09731634}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{2ED8F1FE-02C3-43AE-82DB-D5B622F4298E}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{3C92C0B0-84C9-4CA4-97A3-30A9871BC90D}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{4064B0D9-AB81-4FF5-AAA0-08F85DD95105}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{55E6CB20-69B9-4C8E-8C63-B7807A35371D}" = lport=445 | protocol=6 | dir=in | app=system |
"{57048218-F858-4C7A-A9B1-D554C9A12AE2}" = rport=137 | protocol=17 | dir=out | app=system |
"{58107A4F-7EE0-4EAD-BF48-7BE6BC526963}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{58CA0861-9D4B-4194-9794-4F1C8C8E8501}" = rport=445 | protocol=6 | dir=out | app=system |
"{5A621E11-D3F3-435B-88EF-3D8E4D4E9F30}" = lport=138 | protocol=17 | dir=in | app=system |
"{63BD264A-C721-418D-9C7A-061FDFAD0A0D}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{707BD661-9D03-45D7-8ADE-0D6418611E9E}" = rport=138 | protocol=17 | dir=out | app=system |
"{75B9FDFF-9335-4FE9-BFB8-52167D2ABD52}" = lport=40080 | protocol=6 | dir=in | name=remote access media server |
"{7788D750-E8A6-4838-8DA4-FF6CCED41B22}" = lport=40091 | protocol=6 | dir=in | name=streaming web cam |
"{7F43B077-3DF5-4D35-9C13-839436184750}" = lport=40094 | protocol=6 | dir=in | name=streaming web cam |
"{8C6B42FB-048F-4611-9E0B-9B397E852B92}" = rport=139 | protocol=6 | dir=out | app=system |
"{91F74251-748B-4F80-9B7A-943FBEEEA2FE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{9D1EAC2A-1D60-41C6-A883-6F4A0DCD7ED3}" = lport=139 | protocol=6 | dir=in | app=system |
"{AA7AEFBE-02EA-47E8-B28A-D47623940CCD}" = lport=40090 | protocol=6 | dir=in | name=streaming web cam |
"{BD19DCB9-204D-4C52-BD9C-F59E74FB0BCF}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{C45139F2-6125-4C82-B033-EB0894D4CA79}" = lport=5353 | protocol=17 | dir=in | name=bonjour port 5353 |
"{D269A234-5622-43ED-960A-28D3793FC450}" = lport=40093 | protocol=6 | dir=in | name=streaming web cam |
"{F0BC8B33-3E9F-459A-95CF-E495E3B9FF0A}" = lport=9322 | protocol=6 | dir=in | name=ekdiscovery |
"{F16C8EDC-A8B1-4DAC-89FF-712AAB678714}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F204D045-EC3C-4326-80AA-B3C631602E97}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{F51A8DCF-FC48-46FB-A377-87F8DB8EB5A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{F8871AA8-15D7-41CF-9BD8-8A2CD49E94B5}" = lport=40092 | protocol=6 | dir=in | name=streaming web cam |
"{FBC66CF1-C1F7-4077-BFE5-BE0B20D2C97A}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{004ACBC6-6645-4C09-A206-CEA8160ACEEE}" = protocol=17 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{0097D00E-23BF-4FE2-B5D9-C495C81A7B33}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{046A917A-78BE-42B8-BF45-9E85E96A751C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{06930DC6-8C49-43A4-821F-9220190627FB}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{0B5AF9A0-04C2-4855-8598-17EAAC446E5E}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{0CF3BEAF-AA8C-481A-BDF4-D5A8F3E867FF}" = dir=in | app=c:\program files\leapfrog\leapfrog connect\leapfrogconnect.exe |
"{103E5831-01B6-4375-ABB7-33E5217EC272}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{10DDF085-4D03-4E99-A3B6-8360E4371536}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysql.exe |
"{131AE0C9-B3B6-490D-A518-1B0628A1167A}" = protocol=6 | dir=in | app=c:\program files\veetle\player\veetlenet.exe |
"{16EECB55-1202-4F45-9622-FA86F0BA1D08}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{17ECCE8F-AE14-4F5E-8A0B-56B2234CC01B}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{195A4E07-E8FA-4BC0-A140-696C27CC909A}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{19786F8F-8608-4A1D-8957-39C0D3070C67}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\apache\php.exe |
"{1BAC9850-5623-4FFB-8967-6A7C3E625592}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{1C3C2817-9225-4B48-9D01-AEA1CC6C95F5}" = protocol=17 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{1E43431D-171E-41FA-997C-1B0745D7E4C7}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{1FAF7F64-FC5A-455B-ABAD-F3A0B37986EB}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\remote access file sync service\dsl_fs_sync.exe |
"{20F10057-D533-481D-AAF7-739FEC589FFC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{2CB24332-2ACD-4ADB-B62A-DAE78289436D}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{2E33D000-7AF5-41B6-A127-ABEA51A47CB3}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{33BE6A42-D66D-43A0-B8C3-11A3B4744175}" = protocol=17 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
"{3467CCE1-815D-4312-8339-FF14110DFE5E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{36A25380-E86F-41C5-A2C0-359083C11F64}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{37EBA12B-90B5-4A17-AADF-4ED1CC7A752C}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{3D786628-12C5-46FE-877F-D094FCC51B9E}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{406C9BB3-488A-48EC-B76D-8711CEBED0AE}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{483E2D67-4B7C-4916-8819-243B0911F02D}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{4C426327-030F-4E3B-B6C1-44DAC46B4A6D}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{50339D7F-1D28-45DE-B37B-3AC88CD28679}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{52634546-4775-4246-95A4-B1FB85A934D7}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{54D4BF2F-7C5B-41C0-BF23-AA56CCA9DD8E}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{57B12272-9CC2-4331-8EB3-3EA53EAD6D96}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{580DD431-C890-47CF-AEC7-A7E284BC6DF8}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysqld.exe |
"{5A0D29E8-04B8-4344-BA8D-DAA4AE5F1AFC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5C089969-B8E7-48EC-8A91-F938FCCD5816}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{5E530073-3F33-4592-8EB0-04D30EEEA619}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{610DF479-7422-4C0A-8A5A-57A6C6E7764D}" = protocol=6 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{62616966-105E-423B-8D22-94173D6CD8B3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{687B7950-3038-49AC-A249-AD839B1D7147}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqcopy2.exe |
"{7046AB44-F9F9-4988-8B4B-F338677F513D}" = protocol=6 | dir=in | app=c:\programdata\ultravnc\winvnc.exe |
"{77339D9A-4515-4A6F-8DF5-C58560EC3B5C}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysql.exe |
"{77E0FFD0-8806-4322-B653-385C747BA2D6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{799384B1-8E9B-4248-B882-D3C9BD950B62}" = protocol=6 | dir=in | app=c:\program files\common files\dell\remote access file sync service\dsl_fs_sync.exe |
"{7AC3F453-4E03-4973-8377-C49A0559A886}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\mysql\bin\mysqld.exe |
"{804EB9B2-74C0-4DEE-8762-16AD61393832}" = protocol=6 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{836C9800-5E69-4E8C-8100-A8ABF7C48512}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{8A574A19-5E86-4FAC-A2B0-C99545B218CD}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\apache\php.exe |
"{8BD32FC4-53ED-4B9B-BD77-34972A51EB0D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{8CD07B8C-FDA6-4CB7-A9DD-C7A54F54C698}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{954AF7A5-637A-40CF-8DA0-18C53C0DEDB4}" = protocol=17 | dir=in | app=c:\program files\common files\dell\vlc\vlc.exe |
"{961ECD75-12B2-4CA0-B5A3-295E9A52753E}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\php.exe |
"{9706CA76-A355-4E13-BD19-4C1DEF3FE4F8}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{9709BB6B-65CD-4E88-84DC-F6D46E8368AC}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{A14F45EB-D2D1-458A-B002-29E11D2B0C1C}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{A34B750B-1B7D-4DCC-9526-4C4A161E0232}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysql.exe |
"{A47C05F5-FB61-4B1C-A336-672A882B2A80}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A8E19E41-89E4-4174-A0DF-4B991A975117}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{ABFCF039-497A-4DEC-BAEC-2C6F757DF968}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{B239D789-22BF-4AAD-9965-D272AF173C64}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\vlc\vlc.exe |
"{B307CCB9-8522-48B1-95DE-47A04F71DCAB}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{B36EC97C-1C00-44CB-B1A1-01575ADD0B95}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{B6EC7BDF-F55E-4B31-9D59-F351A5558C16}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{B964A05C-B5FC-48FF-BEEB-7E1BCFE3AE99}" = protocol=17 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{B9925B97-5E21-4039-ADF0-BF28442F7EEF}" = protocol=17 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{BC7B37F9-1FE0-4B82-9185-F7F2EA0EDC89}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\remote access file sync service\dsl_fs_sync.exe |
"{BE012001-3C17-4E0D-94E8-614C7B627D9C}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{C030AC1C-7EAA-4330-8AFA-40D8DC24AF49}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine. exe |
"{C2AC1D82-9A75-4AE4-B7C6-7E6130DFA98E}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{C3AF7656-6EB2-4F19-9FE2-14D86A133119}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{C45767CA-C907-4493-AC72-AC672A24B725}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{CC5AD9F5-27E3-4E4C-9804-14BAF0DE1824}" = dir=in | app=c:\program files\dell\mediadirect\mediadirect.exe |
"{CF8EA355-B4A3-438E-8B58-92FB180B7BB2}" = protocol=6 | dir=in | app=c:\program files\att-hsi\mccibrowser.exe |
"{D06EBA63-CE5E-4DCD-AFA1-FAEB87599AB9}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{D3978AB4-0876-420E-97DC-62827E7DB815}" = protocol=17 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{D3C147DF-1ABF-4E55-B269-C47D4EC10AD6}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{D4A7E03F-6AAF-4CED-A365-512069A29CDF}" = protocol=17 | dir=in | app=c:\program files\common files\dell\apache\bin\httpd.exe |
"{D5C2F769-C561-4F6D-B7EF-F86CC2941F58}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{D6B7D0AA-8BB5-4622-A27A-9CF26EE2BC2F}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{D6F277AD-2B93-4741-B3FA-D099C5DDA49A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{D8E4433C-F4B9-40FA-B412-471951840E53}" = protocol=17 | dir=in | app=c:\programdata\singleclick systems\apache\bin\httpd.exe |
"{DA40E67A-60EF-447B-8A62-74576783B546}" = protocol=6 | dir=in | app=c:\program files\common files\motive\mcciservicehost.exe |
"{E03416CA-11E0-483E-9CCE-7EA2C0371BD3}" = protocol=6 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"{E199EAC1-D92A-469A-8164-0F9710777C3C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E5554E81-4845-4C87-A01A-39D056EBAFCB}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\apache\bin\httpd.exe |
"{E971458A-8CD7-47AD-86E4-91EF398EA56B}" = protocol=6 | dir=in | app=c:\program files\dell remote access\ezi_ra.exe |
"{EE92925B-60F4-4D2E-AE18-554637E7FC3C}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{EEDA801A-2790-40DC-9207-6958C0921255}" = protocol=6 | dir=in | app=c:\program files\common files\dell\mysql\bin\mysqld.exe |
"{F0678110-2A13-45DA-8534-121C2FEC4BB9}" = protocol=6 | dir=in | app=c:\programdata\singleclick systems\advanced networking service\hnm_svc.exe |
"{F87B8687-8060-4635-87FD-8CCE149C6579}" = dir=in | app=c:\users\winter baby\appdata\local\facebook\video\skype\facebookvi deocalling.exe |
"{F9BD84F5-E534-4CF0-B7F1-DAD4861D9F96}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{FBCB16B7-0173-4B49-AEAB-BBD0E7018500}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FDCA829E-4F86-4CF0-A578-DFA23DBAC012}" = protocol=17 | dir=in | app=c:\program files\common files\dell\advanced networking service\hnm_svc.exe |
"TCP Query User{1093D3A6-BD42-4201-B611-047D0ADC645C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{2897D6EE-2AFA-4407-A456-D7AC8588D010}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{067F36D7-A47F-15A9-6163-425ACC2F59F3}" = Amazon MP3 Uploader
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}" = McAfee Virtual Technician
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! Cam Avatar v1.0
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}" = Kodak AIO Printer
"{28DFA10C-2588-4CF2-9275-E0EFF1E9BB0C}" = Complete Care Consumer Service Agreement
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{294BF709-D758-4363-8D75-01479AD20927}" = Windows Live Family Safety
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D8F9830-D6A3-413A-9A54-993827A73E47}" = DELL0604
"{3E9E68FB-49FA-410A-8787-424F2A506E0F}" = Business Plan Pro 15th Anniversary Edition
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{497072FE-0A75-4E5C-A5B7-EB1FA67F66F1}" = DJ_AIO_05_F4400_Software_Min
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5AEBB4A3-6878-4CEE-AD34-0F6958A983F0}" = HP Deskjet F4400 Printer Driver Software 13.0 Rel .5
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6D3963B0-E13B-4FC3-B0FF-506A304BB043}" = Cisco EAP-FAST Module
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EAD600D-1912-4DEF-92B5-0C7525E17ED2}" = F4400
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94055A4F-6F4D-4F6D-85DB-893070B0BE7F}" = Verizon Wireless Software Upgrade Assistant - Samsung
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98B6FB8A-8638-4037-AD44-CF7D0EEAB875}_is1" = TypingMaster Pro
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BE94C681-68E2-4561-8ABC-8D2E799168B4}" = essentials
"{BFBCF96F-7361-486A-965C-54B17AC35421}" = ocr
"{C39A4E1F-9AF1-4FE1-A80E-A5B867FABB42}" = Dell Best of Web
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D19C4BCB-FAAE-48C1-A423-3DA40C3B7F42}" = LeapFrog Leapster Explorer Plugin
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{EF53BFAB-4C10-40DB-A82D-9B07111715C6}" = aioscnnr
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F42F3704-4CA7-4D28-9F5B-FDBF2E589EB2}" = Verizon Wireless Software Upgrade Assistant - SAMSUNG (TL-PC)
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F9D59E62-845F-49A2-8B75-DDB00661673C}" = LeapFrog Connect
"{FAF26102-09D7-4C58-AB01-0D59A2E517CA}" = Copy
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced Video FX Engine" = Advanced Video FX Engine
"Aleks 3.12" = Aleks 3.12
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"ATT-HSI" = ATT-HSI
"ATT-SST" = AT&T Troubleshoot & Resolve Tool
"ATTToolbar" = AT&T Toolbar
"BN_DesktopReader" = Barnes & Noble Desktop Reader
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F10 00F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B3204 85DF8CE.1" = Acrobat.com
"com.amazon.music.uploader" = Amazon MP3 Uploader
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Dell Support Center" = Dell Support Center
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"Digital Editions" = Adobe Digital Editions
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"LeapsterExplorerPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Leapster Explorer Plugin)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"PROR" = Microsoft Office Professional 2007
"Shop for HP Supplies" = Shop for HP Supplies
"UPCShell" = LeapFrog Connect
"Veetle TV" = Veetle TV
"VTechDownloadManager" = Learning Lodge Navigator
"WinLiveSuite" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Networks_Cache_Cleaner 6.3.0" = Juniper Networks Cache Cleaner 6.3.0
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Neoteris_Host_Checker" = Juniper Networks Host Checker
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/29/2012 10:35:39 PM | Computer Name = Homelaptop | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 6.0.6001.18000, time stamp
0x47918b89, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x16b8a560, process id 0x9bc, application start time
0x01cd0e1c1389a93f.

Error - 3/29/2012 10:39:33 PM | Computer Name = Homelaptop | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2012 11:24:02 PM | Computer Name = Homelaptop | Source = WinMgmt | ID = 10
Description =

Error - 3/29/2012 11:27:05 PM | Computer Name = Homelaptop | Source = SPP | ID = 16387
Description =

Error - 3/29/2012 11:27:05 PM | Computer Name = Homelaptop | Source = System Restore | ID = 8193
Description =

Error - 3/29/2012 11:27:39 PM | Computer Name = Homelaptop | Source = Perflib | ID = 1010
Description =

Error - 3/29/2012 11:27:45 PM | Computer Name = Homelaptop | Source = Perflib | ID = 1008
Description =

Error - 3/30/2012 12:18:48 AM | Computer Name = Homelaptop | Source = WinMgmt | ID = 10
Description =

Error - 3/30/2012 12:32:43 AM | Computer Name = Homelaptop | Source = SPP | ID = 16387
Description =

Error - 3/30/2012 12:32:43 AM | Computer Name = Homelaptop | Source = System Restore | ID = 8193
Description =

[ Broadcom Wireless LAN Events ]
Error - 10/29/2011 11:53:23 PM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 22:53:23, Sat, Oct 29, 11 Error - User "" does not have administrative
privileges on this system

Error - 11/4/2011 10:15:59 AM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 09:15:59, Fri, Nov 04, 11 Error - User "" does not have administrative
privileges on this system

Error - 11/5/2011 1:36:53 AM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 00:36:53, Sat, Nov 05, 11 Error - User "" does not have administrative
privileges on this system

Error - 11/5/2011 2:27:07 PM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 13:27:07, Sat, Nov 05, 11 Error - User "" does not have administrative
privileges on this system

Error - 11/7/2011 12:01:49 PM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 10:01:49, Mon, Nov 07, 11 Error - User "" does not have administrative
privileges on this system

Error - 12/2/2011 3:31:00 PM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 13:31:00, Fri, Dec 02, 11 Error - User "" does not have administrative
privileges on this system

Error - 12/9/2011 12:55:21 PM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 10:55:21, Fri, Dec 09, 11 Error - User "" does not have administrative
privileges on this system

Error - 12/25/2011 7:46:49 PM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 17:46:49, Sun, Dec 25, 11 Error - User "" does not have administrative
privileges on this system

Error - 12/28/2011 2:26:07 AM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 00:26:07, Wed, Dec 28, 11 Error - User "" does not have administrative
privileges on this system

Error - 3/6/2012 1:57:30 AM | Computer Name = Homelaptop | Source = WLAN-Tray | ID = 0
Description = 23:57:30, Mon, Mar 05, 12 Error - User "" does not have administrative
privileges on this system

[ Dell Events ]
Error - 7/13/2011 11:32:36 PM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/13/2011 11:32:36 PM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/13/2011 11:55:08 PM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/13/2011 11:55:08 PM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/6/2011 9:33:15 PM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 8/6/2011 9:33:15 PM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 9/17/2011 11:10:25 AM | Computer Name = Homelaptop | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ OSession Events ]
Error - 4/23/2009 11:26:05 AM | Computer Name = Homelaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1286
seconds with 840 seconds of active time. This session ended with a crash.

Error - 7/27/2010 1:03:40 AM | Computer Name = Homelaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6535.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7022
seconds with 180 seconds of active time. This session ended with a crash.

Error - 10/30/2010 12:12:05 AM | Computer Name = Homelaptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/29/2012 11:24:02 PM | Computer Name = Homelaptop | Source = Service Control Manager | ID = 7011
Description =

Error - 3/29/2012 11:24:02 PM | Computer Name = Homelaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 3/29/2012 11:31:00 PM | Computer Name = Homelaptop | Source = Service Control Manager | ID = 7022
Description =

Error - 3/29/2012 11:45:53 PM | Computer Name = Homelaptop | Source = Service Control Manager | ID = 7011
Description =

Error - 3/30/2012 12:05:44 AM | Computer Name = Homelaptop | Source = Service Control Manager | ID = 7043
Description =

Error - 3/30/2012 12:06:15 AM | Computer Name = Homelaptop | Source = Service Control Manager | ID = 7043
Description =

Error - 3/30/2012 12:18:49 AM | Computer Name = Homelaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 3/30/2012 12:18:49 AM | Computer Name = Homelaptop | Source = Service Control Manager | ID = 7011
Description =

Error - 3/30/2012 12:18:49 AM | Computer Name = Homelaptop | Source = Service Control Manager | ID = 7000
Description =

Error - 3/30/2012 12:33:48 AM | Computer Name = Homelaptop | Source = DCOM | ID = 10010
Description =


< End of report >
  #19  
Old March 30th, 2012, 11:45 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,807
AnnMarie caught that my McAfee uninstaller link was outdated, but the logs seem clear of McAfee antivirus now, so no need to run the uninstaller.

Some past malware changes showing here as well, so we will address this from a malware perspective as well.

Security Essentials left behind one of its failed update devices, so we'll need to remove that, but looking clear as far as all that conflicting security software goes. Things running better there now?


Code:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-
"ProxyServer"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=-

Open Notepad (Start Search, type Notepad then click the notepad file that shows in the display), and copy the text inside the box above and paste it into the open Notepad textbox.

Save this to your desktop as "fixer.reg"

Be sure to include the "" quotes in the name.

Then right click fixer.reg, select Merge, and allow it to merge the new information with the Registry.

----------

Right click Computer, left click Manage.

In that menu click Device Manager. When the Device Manager display opens click View - Show hidden devices.

Then in the list below that click the plus symbol (+) next to the following to expand that list:

Non-Plug and Play Drivers


In that list locate the following item, right click it and select Uninstall. OK any warnings, but decline a reboot offer for now, then close the Device Manager.

MpKsl35a74887

---------

Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

sc delete MpKsl35a74887

Then type exit to close the command window.

------------

Go to Start - Control Panel - Programs - Programs and Features, then click on each of the following programs, if they show there, and click "Uninstall/Change".

McAfee Virtual Technician - Of no real value there now.
Browser Address Error Redirector - Dell installed search hijacker.
McAfee Security Scan Plus - Only scans. More a McAfee advertisement than of any real value.
AT&T Toolbar - Resource waster, so uninstall if you don't use it.

----------

In Firefox, go to Help - Restart with Add-ons Disabled. In that "Firefox Safe Mode" display that opens, place checks next to the following, then click "Make changes and restart".

Reset toolbars and controls

Reset all user preferences to Firefox defaults

Restore default search engines

You can change those later to whatever you prefer, but for now, too many search hijackers have altered things there.

There are some other adware settings in IE, but let's scan first before checking on those.

-----------

Download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup-1.60.01800.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

----------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.


Also download HijackThis from Here. Then click on the downloaded file, install HijackThis, and select Do a system scan and save logfile. Use copy/paste and post that log back here for review.
  #20  
Old March 31st, 2012, 08:16 AM
mac1981 mac1981 is offline
Senior Member
 
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 227
Hijackthis Log file

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:12:24 AM, on 3/31/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\ATT-SST\McciTrayApp.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKAiO2MUI.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [Dell PC TuneUp Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [EKAIO2StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKAiO2MUI.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2349259064-3804554855-2337022464-1002\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'RA Media Server')
O4 - HKUS\S-1-5-21-2349259064-3804554855-2337022464-1002\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'RA Media Server')
O4 - HKUS\S-1-5-21-2349259064-3804554855-2337022464-1002\..\Run: [ATT-SST] C:\Program Files\ATT-SST\McciBrowser.exe -AppKey=ATT-SST -URL=file://C:\Program Files\ATT-SST\OCB\37d08485-c67d-4d35-9f2e-8980fce587ed\Start.htm?VendorID=ATT-SST,isHidden=false,ConnectivityRequired=true,flowId=HOMEPAGE,FlowParams= (User 'RA Media Server')
O4 - HKUS\S-1-5-21-2349259064-3804554855-2337022464-1002\..\Run: [SansaDispatch] C:\Users\RA Media Server\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (User 'RA Media Server')
O4 - HKUS\S-1-5-21-2349259064-3804554855-2337022464-1002\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (User 'RA Media Server')
O4 - HKUS\S-1-5-21-2349259064-3804554855-2337022464-1002\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB5; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; yie8)" -"http://games.yahoo.com/daily-games/wordsense" (User 'RA Media Server')
O4 - S-1-5-21-2349259064-3804554855-2337022464-1002 Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'RA Media Server')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {A3256902-51FA-45A0-8A97-FC1143C169D9} - http://support.microsoft.com/mats/DiagWebControl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://l.yimg.com/jh/games/web_games...ploader_v6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - https://jport.uscourts.gov/dana-cach...etupClient.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: McAfee Application Installer Cleanup (0282421333073463) (0282421333073463mcinstcleanup) - Unknown owner - C:\Users\WINTER~1\AppData\Local\Temp\028242~1.EXE (file missing)
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Remote Access Media Server (Apache2.2) - Apache Software Foundation - C:\Program Files\Common Files\Dell\apache\bin\httpd.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Remote Access DB (dsl-db) - Unknown owner - C:\Program Files\Common Files\Dell\MySQL\bin\mysqld.exe
O23 - Service: Remote Access File Sync Service (dsl-fs-sync) - SingleClick Systems - C:\Program Files\Common Files\Dell\Remote Access File Sync Service\dsl_fs_sync.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - C:\Program Files\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: McciServiceHost - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciServiceHost.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\System32\rpcnet.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: UltraVNC Server (uvnc_service) - UltraVNC - C:\ProgramData\UltraVNC\winvnc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14292 bytes
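An added example (not part of the thread, and not HijackThis's own code): a Python triage pass over lines excerpted from the HijackThis log above. It flags registrations that point to "(no file)" and O23 services whose binary is "(file missing)", and extracts the service key name that a command such as `sc delete` takes. The O23 layout `display name (key name) - owner - path` is an assumption inferred from the lines in this log; all function and class names are hypothetical.

```python
import re
from dataclasses import dataclass

# Lines excerpted from the HijackThis log posted above (not the complete log).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0282421333073463) (0282421333073463mcinstcleanup) - Unknown owner - C:\Users\WINTER~1\AppData\Local\Temp\028242~1.EXE (file missing)
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: UltraVNC Server (uvnc_service) - UltraVNC - C:\ProgramData\UltraVNC\winvnc.exe
"""

# "<section code> - <body>"; header and running-process lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O23 body: "Service: <label> - <owner> - <path>"; the owner field may be empty.
SERVICE_RE = re.compile(r"^Service: (?P<label>.+?) - (?P<owner>.*?) ?- (?P<path>.+)$")
# Assumed layout: the key name is the last parenthesised token of the label.
KEY_RE = re.compile(r"\(([^()]+)\)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O2" or "O23"
    reason: str  # why the entry was flagged
    target: str  # CLSID for registrations, service key name for O23
    line: str    # the original log line, for the analyst to review


def service_key_name(label):
    """Return the service key name; fall back to the label when none is shown."""
    match = KEY_RE.search(label)
    return match.group(1) if match else label


def triage(log_text):
    """Flag orphaned registrations and services whose binary is gone."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # blank line, log header or running-process path
        code, body = entry.group("code"), entry.group("body")
        if code == "O23":
            svc = SERVICE_RE.match(body)
            if svc and svc.group("path").endswith("(file missing)"):
                findings.append(Finding(code, "service binary missing",
                                        service_key_name(svc.group("label")), line))
        elif body.endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings.append(Finding(code, "registration points to no file",
                                    clsid.group(0) if clsid else body, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason:<32} {f.target}")
```

The script only reports; every flagged line still needs an analyst's review before anything is fixed or deleted.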
  #21  
Old March 31st, 2012, 08:18 AM
mac1981 mac1981 is offline
Senior Member
 
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 227
Eset Logfile

C:\Program Files\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\C996.tmp a variant of Win32/Kryptik.ACTE trojan cleaned by deleting - quarantined
C:\Users\winter baby\AppData\Local\Temp\Addons\B231343E\babylon.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\winter baby\AppData\Local\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon application deleted - quarantined
C:\Users\winter baby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42\5d76256a-278598ea Java/Agent.CM trojan deleted - quarantined
C:\Users\winter baby\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\1f307278-10453d11 probably a variant of Java/Agent.CR trojan deleted - quarantined
D:\Windows\System32\autochk.exe a variant of Win32/CompuTrace.A application cleaned by deleting - quarantined
  #22  
Old March 31st, 2012, 08:26 AM
mac1981 mac1981 is offline
Senior Member
 
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 227
Malwarebytes Logfile 1

www.malwarebytes.org

Database version: v2012.03.31.02

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
winter baby :: HOMELAPTOP [administrator]

Protection: Disabled

3/30/2012 10:54:58 PM
mbam-log-2012-03-30 (22-54-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 237168
Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 44
HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\CLSID\{2F9AD413-2E0B-4a85-BB2A-CF961238262A} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCR\Typelib\{03D7FF6E-9781-40B5-BB7F-94291A361604} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCR\Typelib\{CDC73256-A88D-4642-844E-A8F20B76789C} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{FE4C2C37-EDC8-4C00-B864-3C38CF3BA834} (Adware.Adshot) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D95C7240-0282-4C01-93F5-673BCA03DA86} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EDDBB5EE-BB64-4bfc-9DBE-E7C85941335B} (Adware.Zango) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A3E67DAA-DA01-4da5-98BE-3088B554A11E} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKCR\AppID\CMVideo.DLL (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\CMVideoPlugin (Trojan.BHO) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKCU\Software\hotbarsa (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\FunWebProducts (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Values Detected: 7
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: a+߬H:; -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: Hotbar -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} (Adware.Zango) -> Data: -> Quarantined and deleted successfully.
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Users\winter baby\AppData\Local\ave.exe" /START "%1" %* -> Quarantined and deleted successfully.
HKCR\secfile\shell\open\command| (Rogue.MultipleAV) -> Data: "C:\Users\winter baby\AppData\Local\ave.exe" /START "%1" %* -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer|WINID (Malware.Trace) -> Data: 1CAD58846874860 -> Quarantined and deleted successfully.

Registry Data Items Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command| (Hijack.StartMenuInternet) -> Bad: ("C:\Users\winter baby\AppData\Local\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and repaired successfully.
HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and repaired successfully.
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and repaired successfully.

Folders Detected: 11
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\Weather_XML (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\WeatherDPA (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Files Detected: 29
C:\Program Files\Uninstall Fun Web Products.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully.
C:\Users\winter baby\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\scandisk.lnk (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\c.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\m.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\p.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\m3.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\System32\sf.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\history (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\WeatherStartup.xml (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\WeatherDPA\Links (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\WeatherDPA\radar-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\WeatherDPA\radar-small (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\WeatherDPA\satellite-big.jpg (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\WeatherDPA\satellite-small (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\WeatherDPA\WeatherPreferences (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\Display (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\Loading (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\WeatherDPA\Weather_XML\screen2 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\Weather_XML\Default (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\Weather_XML\Genera1 (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Users\winter baby\AppData\Roaming\Hotbar\Weather\Weather_XML\General (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSA.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAAbout.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAau.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSAEULA.mht (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSA_hpk.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\ProgramData\HotbarSA\HotbarSA_kyf.dat (Adware.Hotbar) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Quarantined and deleted successfully.

(end)
  #23  
Old March 31st, 2012, 08:30 AM
mac1981 mac1981 is offline
Senior Member
 
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 227
I can boot in normal mode now. No BSOD. My PC has a slower response time than before. It takes a couple minutes after I click to open a file or a webpage or anything. It stalls then comes up. So don't know why it is doing that.
  #24  
Old April 1st, 2012, 12:43 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,807
No active malware, and one remnant McAfee exit service we need to remove, so let's make the changes we need to do now, you reboot, then let's see if there are still issues there.


Go to Start Search, type cmd.exe in the Start Search box. Cmd.exe will appear at the top of the Menu. Right-click on it and choose "Run as administrator". At the prompt copy/paste the following, pressing Enter after each:

sc delete 0282421333073463mcinstcleanup

Then type exit and press Enter to close that command window.

------------

Make a copy of the following list, then close Internet Explorer and all running programs and run a scan in HijackThis. Place a check next to all of the following lines, then select Fix Checked and close HijackThis.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*.dir.untd.com;cf.netzero.net;qs.netzero.net;*.aolcdn.com;<local>
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O4 - HKUS\S-1-5-21-2349259064-3804554855-2337022464-1002\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103471 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB5; FunWebProducts; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.5.30729; .NET CLR 3.0.30729; yie8)" -"http://games.yahoo.com/daily-games/wordsense" (User 'RA Media Server')
O15 - Trusted Zone: http://*.mcafee.com
O15 - Trusted Zone: *.netzero.com
O15 - Trusted Zone: *.netzero.net
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)


Reboot, then post back an update on any issues we still need to address please.
Reply With Quote
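The fix list in the post above mixes entries that HijackThis marks "(no file)" with entries that carry a live setting, such as ProxyOverride, which a later post in this thread restores from the HijackThis backups. The following is an added example, not part of the original post and not HijackThis's own code: it parses such lines and separates the two groups so the live settings can be reviewed before they are fixed. The function names and the shortened ProxyOverride value are assumptions made for illustration.

```python
import re

# Lines copied from the fix list in the post above (forum-inserted spaces
# removed); the ProxyOverride value is shortened here for readability.
SAMPLE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;<local>
R3 - URLSearchHook: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O15 - Trusted Zone: *.netzero.net
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
""".strip().splitlines()

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
REG_RE = re.compile(r"^(?P<key>HK[A-Z]+\\[^,]+),(?P<value>[^=]+?) = ?(?P<data>.*)$")

def parse_line(line):
    """Parse one HijackThis log line into a dict, or return None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m["body"]
    entry = {"code": m["code"], "body": body, "orphaned": body.endswith("(no file)")}
    clsid = CLSID_RE.search(body)
    entry["clsid"] = clsid.group(0) if clsid else None
    reg = REG_RE.match(body)  # registry-style entries: key,value = data
    if reg:
        entry.update(key=reg["key"], value=reg["value"].strip(), data=reg["data"])
    return entry

def triage(lines):
    """Split entries into those marked (no file) and those holding a live setting."""
    parsed = [e for e in map(parse_line, lines) if e]
    dead = [e for e in parsed if e["orphaned"]]
    live = [e for e in parsed if not e["orphaned"]]
    return dead, live

def proxy_bypass(entries):
    """Return the hosts listed in a ProxyOverride entry, if one is present."""
    for e in entries:
        if e.get("value") == "ProxyOverride":
            return [h for h in e["data"].split(";") if h]
    return []
```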
  #25  
Old April 1st, 2012, 03:45 AM
mac1981 mac1981 is offline
Senior Member
 
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 227
Completed all the steps. PC has gotten faster. Not stalling anymore. Things seem good to me. Had a problem with HijackThis but I rebooted and did the process again. Host services for Windows processes keeps getting blocked by Malwarebytes. Also whenever I check a page with lots of graphics a warning comes up about an update to Adobe Flash Player 9.0 or about encryptions. And it has slowed down again.

Is there a log file I need to post?

Last edited by mac1981; April 1st, 2012 at 03:53 AM.
Reply With Quote
  #26  
Old April 1st, 2012, 11:40 PM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,807
Do some needed updates, then check after.

The logs show you have slightly outdated versions of vulnerable programs, so go to each of these sites and update to the latest version (keep your eyes open - they often slide in "opportunities" for things like Google, or McAfee's scanner):

http://www.adobe.com/downloads/
(For Adobe Reader and Flash Player - uncheck the useless McAfee scan, if offered)

http://java.com/en/download/manual.jsp
(For Java 6 Update 31 - trying to slip Ask adware/spyware to systems lately, so watch and uncheck it)

Once you have done that, be sure to go to Programs and Features and uninstall any older, more vulnerable Java versions.

Reboot, then post back an update on how things are running there please.
Reply With Quote
  #27  
Old April 2nd, 2012, 05:04 AM
mac1981 mac1981 is offline
Senior Member
 
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 227
I can't download anything. Tried to download Java and it says this service can't receive host messages. Adobe just doesn't come up. Tried opening them with run as administrator but that doesn't work either.
Reply With Quote
  #28  
Old April 3rd, 2012, 12:01 AM
Jintan Jintan is offline
Malware Removal Team Advisor
 
Join Date: Dec 2004
Posts: 49,807
Open HijackThis.

Click "View the list of backups".

A list of the entries that have been removed using HijackThis will show in the display. Check each of the following entries, then click the Restore button, and close HijackThis.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.44.66;64.136.52.66;64.136.52.70;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.

Reboot after and
Reply With Quote
  #29  
Old April 3rd, 2012, 03:58 AM
mac1981 mac1981 is offline
Senior Member
 
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 227
Downloaded and updated. Can't uninstall an earlier version of Java that came with the laptop. Host process for Windows services still is being closed down. What is that anyway?
Reply With Quote
  #30  
Old April 3rd, 2012, 03:58 AM
mac1981 mac1981 is offline
Senior Member
 
Join Date: Mar 2012
O/S: Windows Vista 32-bit
Posts: 227
Can I install a virus protection now?
Reply With Quote
All times are GMT +1.