# Computer running very slow and crashing

## chickie225 (Sep 18, 2007)

Over the past week or so, I've noticed my computer has been running slow. Then it would crash for (seemingly) no reason. Then I would have to force it to restart because it would completely lock up. Thank you so much for your time and help!!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:40:16 PM, on 3/22/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090204
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R3 - URLSearchHook: YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\COUPON~1.DLL
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Swag Bucks - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa1.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Inbox Toolbar - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\17.0.963.83\npchrome_frame.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O3 - Toolbar: Swag Bucks Toolbar - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa1.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponsBar.dll
O3 - Toolbar: &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Boxoft Tools] "C:\Documents and Settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe" -autorun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\Jennifer\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &Search - http://tbedits.retrogamer.com/one-t...A8FC-C383-48EC-BC33-FF39669A9E05&n=2011111619
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jennifer\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} (CanvasX Class) - http://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} (SonyOnlineInstallerX) - http://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} (GameTap Player) - 
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} (20-20 3D Viewer for WEB) - https://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www.arkansashighways.com/Road/acgm.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\17.0.963.83\npchrome_frame.dll
O18 - Protocol: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: Nielsen Update (NielsenUpdate) - The Nielsen Company - C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 19801 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86 
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Run by Jennifer at 22:40:27 on 2012-03-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3061.924 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Akamai\netsession_win.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Windows Internet Explorer provided by Yahoo!
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: TTB000000 Class: {62960d20-6d0d-1ab4-4bf1-95b0b5b8783a} - c:\windows\COUPON~1.DLL
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwa1.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: WOT Helper: {c920e44a-7f78-4e64-bdd7-a57026e7feb7} - c:\program files\wot\WOT.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Inbox Toolbar: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - c:\program files\google\chrome frame\application\17.0.963.83\npchrome_frame.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn4\yt.dll
TB: Swag Bucks Toolbar: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - c:\program files\swag_bucks\prxtbSwa1.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: WOT: {71576546-354d-41c9-aae8-31f2ec22bf0d} - c:\program files\wot\WOT.dll
TB: CouponBar: {5bed3930-2e9e-76d8-bacc-80df2188d455} - c:\windows\CouponsBar.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Creative Detector] c:\program files\creative\mediasource\detector\CTDetect.exe /R
uRun: [CTSyncU.exe] "c:\program files\creative\sync manager unicode\CTSyncU.exe"
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Boxoft Tools] "c:\documents and settings\all users\application data\boxtools\Boxofttoolbox.exe" -autorun
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\jennifer\local settings\application data\akamai\netsession_win.exe"
uRun: [Google Update] "c:\documents and settings\jennifer\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] c:\program files\google\gmail notifier\gnotify.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [NielsenOnline] c:\program files\netratingsnetsight\netsight\NielsenOnline.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Garmin Lifetime Updater] c:\program files\garmin\lifetime updater\GarminLifetime.exe /StartMinimized
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jennifer\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareguard\sgmain.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: &Search - http://tbedits.retrogamer.com/one-t...A8FC-C383-48EC-BC33-FF39669A9E05&n=2011111619
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\jennifer\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
Trusted Zone: aol.com\free
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {28B66320-9687-4B13-8757-36F901887AB5} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} - hxxp://www.freerealms.com/gamedata/FreeRealmsInstaller.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} - hxxp://archives.gametap.com/static/cab_headless/GameTapWebPlayer.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://www.arkansashighways.com/Road/acgm.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FDDEC41F-C8C1-48C5-BAAB-9F3B72AE0C56} : DhcpNameServer = 192.168.1.254
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\17.0.963.83\npchrome_frame.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jennifer\application data\mozilla\firefox\profiles\84m4f9xb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - prefs.js: browser.search.selectedEngine - bing
FF - prefs.js: browser.startup.homepage - hxxp://start.msn.iplay.com/?o=shp
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=BABTDF&PC=BBLN&q=
FF - component: c:\program files\netratingsnetsight\netsight\meter9\ffaddon\components\nsgkff36_meter9.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\jennifer\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\jennifer\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\extensions\[email protected]\plugins\npGameTapWebPlayer.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol400.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol500.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\retrogamer_2zei\installr\3.bin\NP2zEISb.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: GameTap: [email protected] - c:\program files\mozilla firefox\extensions\[email protected]
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: EpicPlay Games	: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Oberon GamesBar: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: AI Roboform Toolbar for Firefox: {22119944-ED35-4ab1-910B-E619EA06A115} - c:\program files\siber systems\ai roboform\Firefox
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Nielsen: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7} - c:\program files\netratingsnetsight\netsight\meter9\FFAddon
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.01.01
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-13 64288]
R0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys [2010-6-14 24192]
R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [2011-3-18 20352]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
R1 MpKsl8641c08f;MpKsl8641c08f;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{58692e6c-ef0e-4d92-af06-ff73020ba7d6}\MpKsl8641c08f.sys [2012-3-22 29904]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2010-6-14 15360]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-25 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-12-3 2152152]
R2 NielsenUpdate;Nielsen Update;c:\program files\netratingsnetsight\netsight\NielsenUpdate.exe [2011-1-26 306496]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-2-7 24652]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2010-6-14 10368]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-12-3 15232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
RUnknown MpKsl28dee376;MpKsl28dee376; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-1-14 136176]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2009-2-7 348352]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2009-2-7 43392]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-19 18560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-1-14 136176]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2012-2-12 18432]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [2010-6-14 9088]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-03-23 02:58:03	29904	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{58692e6c-ef0e-4d92-af06-ff73020ba7d6}\MpKsl8641c08f.sys
2012-03-23 02:14:42	--------	d-----w-	c:\program files\Trend Micro
2012-03-22 15:11:15	56200	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{58692e6c-ef0e-4d92-af06-ff73020ba7d6}\offreg.dll
2012-03-22 14:32:21	29904	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{58692e6c-ef0e-4d92-af06-ff73020ba7d6}\MpKsl28dee376.sys
2012-03-22 06:46:54	29904	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{58692e6c-ef0e-4d92-af06-ff73020ba7d6}\MpKsl93da976b.sys
2012-03-21 09:28:24	6582328	----a-w-	c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{58692e6c-ef0e-4d92-af06-ff73020ba7d6}\mpengine.dll
2012-03-16 06:14:13	--------	d-----w-	c:\documents and settings\jennifer\application data\redsn0w
2012-03-09 02:51:05	--------	d-----w-	c:\documents and settings\jennifer\application data\SpeedyPC Software
2012-03-09 02:51:05	--------	d-----w-	c:\documents and settings\jennifer\application data\DriverCure
2012-03-09 02:50:55	--------	d-----w-	c:\documents and settings\all users\application data\SpeedyPC Software
.
==================== Find3M ====================
.
2012-03-15 20:09:11	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-19 04:44:32	256	----a-w-	c:\windows\system32\pool.bin
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD322HJ rev.1AC01113 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89F0349F]<< 
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x89f0a740]; MOV EAX, [0x89f0a8b4]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AD40AB8]
3 CLASSPNP[0xBA0F8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\00000071[0x8ADB2400]
5 ACPI[0xB9F7F620] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8AD89940]
\Driver\atapi[0x8A486BE0] -> IRP_MJ_CREATE -> 0x89F0349F
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; MOV CX, 0x4; MOV BP, 0x7be; CMP BYTE [BP+0x0], 0x0; }
detected disk devices:
detected hooks:
\Driver\atapi DriverStartIo -> 0x89F032C6
user & kernel MBR OK 
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:42:05.37 ===============

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-22 23:29:06
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 SAMSUNG_HD322HJ rev.1AC01113
Running: 1cemi2lk.exe; Driver: C:\DOCUME~1\Jennifer\LOCALS~1\Temp\uftdqpog.sys

---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA10887E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA108BFE]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1228] kernel32.dll!WriteFile 7C810E27 5 Bytes JMP 0096000C 
.text C:\WINDOWS\System32\svchost.exe[1228] ole32.dll!CoCreateInstance  774FF1BC 5 Bytes JMP 00E7000A

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Tcp nnrnstdi.SYS (NNRNSTDI helper driver/The Nielsen Company)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 89F3E2C6

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0003c94b6a31 
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0003c94b6a31 (not active ControlSet) 
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9040111900063D11C8EF10054038389C\[email protected] 1081536670

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 [email protected] code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\NetworkService\Cookies\04ODOGSO.txt 1082 bytes
File C:\Documents and Settings\NetworkService\Cookies\SKRM3OZC.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\AQZ8WYKD.txt 202 bytes
File C:\Documents and Settings\NetworkService\Cookies\2DEWJZDQ.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\RDMVJY18.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\FMJOB4HZ.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\HCC5XST6.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\7H0AI2ML.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\7NNFEQMR.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\AC7TLHJA.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\QYZRCXOJ.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\1EHX66MG.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\K5IVOFJY.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\JEJL8H6O.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\HMCHORJ6.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\V6SF3SMV.txt 3996 bytes
File C:\Documents and Settings\NetworkService\Cookies\V89WDS0O.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\VAO000C6.txt 132 bytes
File C:\Documents and Settings\NetworkService\Cookies\PM1Y6IWH.txt 246 bytes
File C:\Documents and Settings\NetworkService\Cookies\PNV48AA0.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\ESCN7ZZ6.txt 154 bytes
File C:\Documents and Settings\NetworkService\Cookies\EW2TL3DJ.txt 0 bytes
File C:\Documents and Settings\NetworkService\Cookies\XJWAV5AF.txt 371 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\GX1IBF2W\ffiad[7].htm 417 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IMTB8FY3\Vihr06ypHzqAR[1].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IMTB8FY3\Smart3Handler[1].ashx 70 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IMTB8FY3\spotx[1].js 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IMTB8FY3\p-01-0VIaSjnOLg[1].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IMTB8FY3\FiveminCookieCache[1].ashx 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IMTB8FY3\audmeasure[1].gif 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IMTB8FY3\nonSecureAnonymousFramework[1] 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RJQW5PXT\ab[1].txt 0 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RJQW5PXT\spotx[1].js 7110 bytes
File C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZZ0IELJ4\get[2].png 739 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\Microsoft.VC90.ATL.cat 9749 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\Microsoft.VC90.CRT.cat 9749 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\Microsoft.VC90.DebugCRT.cat 9770 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\Microsoft.VC90.DebugMFC.cat 9770 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\Microsoft.VC90.DebugOpenMP.cat 9782 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\Microsoft.VC90.MFC.cat 9749 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\Microsoft.VC90.MFCLOC.cat 9762 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\Microsoft.VC90.OpenMP.cat 9762 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\policy.9.00.Microsoft.VC90.ATL.cat 9798 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\policy.9.00.Microsoft.VC90.CRT.cat 9798 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\policy.9.00.Microsoft.VC90.DebugCRT.cat 9818 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\policy.9.00.Microsoft.VC90.DebugMFC.cat 9818 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\policy.9.00.Microsoft.VC90.DebugOpenMP.cat 9831 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\policy.9.00.Microsoft.VC90.MFC.cat 9798 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\policy.9.00.Microsoft.VC90.MFCLOC.cat 9810 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x64\Program Files(64)\Microsoft Visual Studio 9.0\Vc7\WinSXS\AMD64 catalogs\policy.9.00.Microsoft.VC90.OpenMP.cat 9810 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\eula.1028.txt 3872 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\eula.1031.txt 15460 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\eula.1033.txt 10042 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\eula.1036.txt 12278 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\eula.1040.txt 13944 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\eula.1041.txt 5786 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\eula.1042.txt 5990 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\eula.1049.txt 13992 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\eula.2052.txt 3872 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\eula.3082.txt 12968 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\globdata.ini 1110 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\install.exe 562688 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\install.ini 844 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\install.res.1028.dll 76304 bytes executable
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\install.res.1031.dll 96272 bytes executable
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\install.res.1033.dll 91152 bytes executable
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\install.res.1036.dll 96784 bytes executable
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\install.res.1040.dll 95248 bytes executable
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\install.res.1041.dll 81424 bytes executable
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\install.res.1042.dll 79888 bytes executable
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\install.res.1049.dll 93200 bytes executable
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\install.res.2052.dll 75792 bytes executable
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\install.res.3082.dll 96272 bytes executable
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\vcredist.bmp 5686 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\vc_red.cab 3830610 bytes
File C:\autodesk\AutoCAD_Inventor_Suite_2011_Win_32bit\x86\support\VCRedist\2008\x86\vc_red.msi 232960 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\Documentation.html 2668 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\Links.html 3440 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\Links_Deployment.html 3440 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\Links_Standalone.html 3440 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\Links_Tools.html  485 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\RAC2010 Installation Instructions.html 84 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\RAC2010 Installation Instructions.pdf 851436 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\RAC2010 Known Issues.html 71 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\RAC2010 Known Issues.pdf 54604 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\ReadMe.html 1333 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\Revit Architecture 2010 Feature Summary.html 90 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\Revit Architecture 2010 Feature Summary.pdf 186871 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\RevitInstallUtilities.html 72 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\RevitInstallUtilities.pdf 41276 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\Revit_Architecture_Introduction.pdf 2644241 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\RTF-Revit Architecture 2010.html 78 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\RTF-Revit Architecture 2010.pdf 114690 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\InfoLink\Support.html 1574 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images\1.bmp 1503032 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images\10.bmp 502896 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images\11.bmp 1503032 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images\12.bmp 502896 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images\13.bmp 502896 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images\2.bmp 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images\3.bmp 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images\4.bmp 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images\5.bmp 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images\6.bmp 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images\7.bmp 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images\8.bmp 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Images\9.bmp 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Infotainment1.xml.html 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Infotainment10.xml.html 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Infotainment11.xml.html 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Infotainment2.xml.html 140 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Infotainment3.xml.html 140 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Infotainment4.xml.html 140 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Infotainment5.xml.html 140 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Infotainment6.xml.html 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Infotainment7.xml.html 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Infotainment8.xml.html 0 bytes
File C:\autodesk\RAC_2010_English_Win_32bit\SetupRes\RevitBuilding\Infotainment\Infotainment9.xml.html 0 bytes

---- EOF - GMER 1.0.15 ----


----------



## flavallee (May 12, 2002)

Go to Control Panel - Add Or Remove Programs, then uninstall/remove

*uTorrent*

*Ad-Aware* (by Lavasoft)

*AVG 2011*

*ESET Online Scanner 3*

*Java(TM) 6 Update 7*

*SpywareGuard 2.2*

*Windows Defender*

Restart the computer to complete the uninstall/removal of any of them, if prompted to.

After they've all been uninstalled/removed, restart one last time.

---------------------------------------------------

You've now got

*Microsoft Security Essentials*

*Malwarebytes Anti-Malware 1.60.1.1000*

*SpywareBlaster 4.4*

installed for protecting your computer, which is pretty much all you need. :up:

Over-kill with security programs and multiple antivirus programs will bog down a computer and cause various problems.

---------------------------------------------------

You've got a LOT of programs and extras installed in that computer, and many of them are outdated or unneeded.

I think it's time to consider doing some "housecleaning".

---------------------------------------------------

Right-click MY COMPUTER, then click Properties.

What's listed in the *Computer:* section at the bottom of the "General" tab?

---------------------------------------------------


----------



## chickie225 (Sep 18, 2007)

I uninstalled all listed except uTorrent because I use that often, and when I tried to uninstall Ad-Aware, my computer froze up twice. What gives? I'm even having problems with Google Chrome running super slow. I also noticed a couple of days ago that I was having trouble with Google (in Chrome and IE). When I search, sometimes when I click on a search result, it will immediately take me to a page with a 404 error. At first I thought it was the website I was looking for, but then it was the exact same page for everything I tried. Also when I click on images, it won't do anything but take me back to the search page. I thought it was something to do with Google, but it continues even today. I'm having to use a different search engine if I want to do anything in a decent amount of time. I'm sorry I forgot to mention that in the first post.

Anyhow, here is the info you requested:

Dell Inspiron 530S
Pentium(R) Dual-Core CPU
E5200 @ 2.50GHz
1.60 GHz, 2.99 GB of RAM
Physical Address Extension

(Please don't laugh. My computer is several years old.)


----------



## chickie225 (Sep 18, 2007)

Quick update: I attempted to uninstall ad-aware one more time and this time it worked fine (of course). It prompted me to restart, so I did.


----------



## chickie225 (Sep 18, 2007)

One more quick update. I rarely have my sound on, but I turned it on to listen to music. I noticed that every couple of minutes my computer makes that "bing" sound (like if you close Word and it prompts you to save?). That's something new, as of this week. Nothing is popping up. What could it be? Thanks again!!


----------



## kevinf80 (Mar 21, 2006)

*Please read carefully and follow these steps.*

Download *TDSSKiller* and save it to your Desktop.
Double-click on *TDSSKiller.exe* to run the application.
Click on *"Change parameters"* and place a checkmark next to *Verify Driver Digital Signature* and *Detect TDLFS file system*, then click OK.

Select Scan.
If an infected file is detected, the default action will be *Cure*; click on *Continue*.

If a suspicious file is detected, the default action will be *Skip*; click on *Continue*.

It may ask you to reboot the computer to complete the process. Click on *Reboot Now*.

If no reboot is required, click on *Report*. A log file should appear. Please copy and paste the contents of that file here.
If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "*TDSSKiller.[Version]_[Date]_[Time]_log.txt*". Please copy and paste the contents of that file here.


----------



## chickie225 (Sep 18, 2007)

I did what you said. As soon as the scan stopped, a warning from Microsoft Security Essentials popped up with a threat. I attached a screenshot of the log. I did what it suggested. Was that okay?



13:11:56.0224 4180	TDSS rootkit removing tool 2.7.22.0 Mar 21 2012 17:40:00
13:11:58.0161 4180	============================================================
13:11:58.0161 4180	Current date / time: 2012/03/23 13:11:58.0161
13:11:58.0161 4180	SystemInfo:
13:11:58.0161 4180	
13:11:58.0161 4180	OS Version: 5.1.2600 ServicePack: 3.0
13:11:58.0161 4180	Product type: Workstation
13:11:58.0161 4180	ComputerName: NAPIER
13:11:58.0161 4180	UserName: Jennifer
13:11:58.0177 4180	Windows directory: C:\WINDOWS
13:11:58.0177 4180	System windows directory: C:\WINDOWS
13:11:58.0177 4180	Processor architecture: Intel x86
13:11:58.0177 4180	Number of processors: 2
13:11:58.0177 4180	Page size: 0x1000
13:11:58.0177 4180	Boot type: Normal boot
13:11:58.0177 4180	============================================================
13:12:02.0567 4180	Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:12:02.0645 4180	\Device\Harddisk0\DR0:
13:12:02.0661 4180	MBR used
13:12:02.0661 4180	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x25415E3B
13:12:02.0802 4180	Initialize success
13:12:02.0802 4180	============================================================
13:12:19.0051 7320	============================================================
13:12:19.0051 7320	Scan started
13:12:19.0051 7320	Mode: Manual; SigCheck; TDLFS; 
13:12:19.0051 7320	============================================================
13:12:20.0786 7320	A5AGU (b170143a9fbb293307ebea6b81359c89) C:\WINDOWS\system32\DRIVERS\A5AGU.sys
13:12:21.0426 7320	A5AGU - ok
13:12:21.0442 7320	Abiosdsk - ok
13:12:21.0473 7320	abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
13:12:22.0286 7320	abp480n5 - ok
13:12:22.0364 7320	ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:12:23.0333 7320	ACPI - ok
13:12:23.0364 7320	ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
13:12:23.0786 7320	ACPIEC - ok
13:12:23.0848 7320	adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
13:12:24.0379 7320	adpu160m - ok
13:12:24.0411 7320	aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
13:12:25.0317 7320	aec - ok
13:12:25.0364 7320	AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
13:12:25.0504 7320	AFD - ok
13:12:25.0536 7320	agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
13:12:26.0457 7320	agp440 - ok
13:12:26.0489 7320	agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
13:12:27.0395 7320	agpCPQ - ok
13:12:27.0411 7320	Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
13:12:27.0723 7320	Aha154x - ok
13:12:27.0739 7320	aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
13:12:28.0207 7320	aic78u2 - ok
13:12:28.0223 7320	aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
13:12:28.0676 7320	aic78xx - ok
13:12:28.0926 7320	Akamai (31bd294dc6ddbc0f16356d958d0743a4) c:\program files\common files\akamai/netsession_win_7de0ed9.dll
13:12:28.0926 7320	Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_7de0ed9.dll. md5: 31bd294dc6ddbc0f16356d958d0743a4
13:12:28.0942 7320	Akamai ( HiddenFile.Multi.Generic ) - warning
13:12:28.0942 7320	Akamai - detected HiddenFile.Multi.Generic (1)
13:12:29.0004 7320	Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
13:12:29.0911 7320	Alerter - ok
13:12:29.0942 7320	ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
13:12:30.0739 7320	ALG - ok
13:12:30.0801 7320	AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
13:12:31.0317 7320	AliIde - ok
13:12:31.0348 7320	alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
13:12:32.0223 7320	alim1541 - ok
13:12:32.0239 7320	amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
13:12:33.0145 7320	amdagp - ok
13:12:33.0160 7320	amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
13:12:33.0489 7320	amsint - ok
13:12:33.0582 7320	Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:12:33.0676 7320	Apple Mobile Device - ok
13:12:33.0707 7320	AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
13:12:34.0504 7320	AppMgmt - ok
13:12:34.0551 7320	asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
13:12:35.0051 7320	asc - ok
13:12:35.0098 7320	asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
13:12:35.0410 7320	asc3350p - ok
13:12:35.0410 7320	asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
13:12:35.0910 7320	asc3550 - ok
13:12:35.0926 7320	aspnet_state (0e5e4957549056e2bf2c49f4f6b601ad) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:12:35.0989 7320	aspnet_state - ok
13:12:36.0051 7320	AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:12:36.0973 7320	AsyncMac - ok
13:12:37.0035 7320	atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
13:12:37.0926 7320	atapi - ok
13:12:37.0942 7320	Atdisk - ok
13:12:37.0989 7320	ATHFMWDL (629ecfac73e13c3832ee56419bf7cdca) C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
13:12:38.0035 7320	ATHFMWDL ( UnsignedFile.Multi.Generic ) - warning
13:12:38.0035 7320	ATHFMWDL - detected UnsignedFile.Multi.Generic (1)
13:12:38.0035 7320	Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:12:38.0879 7320	Atmarpc - ok
13:12:38.0910 7320	AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
13:12:39.0067 7320	AudioSrv - ok
13:12:39.0082 7320	audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
13:12:39.0567 7320	audstub - ok
13:12:39.0660 7320	Autodesk Licensing Service (9b4aa74515e7212a854a343d613904f3) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
13:12:40.0426 7320	Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:12:40.0426 7320	Autodesk Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:12:40.0488 7320	Autodesk Network Licensing Service (f393a805a1ba93e0c3e21abfbef8b708) C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
13:12:40.0738 7320	Autodesk Network Licensing Service ( UnsignedFile.Multi.Generic ) - warning
13:12:40.0738 7320	Autodesk Network Licensing Service - detected UnsignedFile.Multi.Generic (1)
13:12:40.0817 7320	Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
13:12:41.0301 7320	Beep - ok
13:12:41.0348 7320	BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
13:12:42.0551 7320	BITS - ok
13:12:42.0645 7320	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
13:12:42.0738 7320	Bonjour Service - ok
13:12:42.0785 7320	Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
13:12:43.0598 7320	Browser - ok
13:12:43.0629 7320	btaudio - ok
13:12:43.0629 7320	BTDriver - ok
13:12:43.0676 7320	BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
13:12:44.0488 7320	BthEnum - ok
13:12:44.0535 7320	BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
13:12:45.0457 7320	BthPan - ok
13:12:45.0520 7320	BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
13:12:45.0660 7320	BTHPORT - ok
13:12:45.0707 7320	BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
13:12:46.0598 7320	BthServ - ok
13:12:46.0629 7320	BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
13:12:47.0504 7320	BTHUSB - ok
13:12:47.0520 7320	BTKRNL - ok
13:12:47.0520 7320	BTWDNDIS - ok
13:12:47.0566 7320	btwmodem (21b393aa3ade51451178cd79b7995b70) C:\WINDOWS\system32\DRIVERS\btwmodem.sys
13:12:47.0613 7320	btwmodem ( UnsignedFile.Multi.Generic ) - warning
13:12:47.0613 7320	btwmodem - detected UnsignedFile.Multi.Generic (1)
13:12:47.0629 7320	BTWUSB - ok
13:12:47.0645 7320	BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
13:12:47.0707 7320	BVRPMPR5 ( UnsignedFile.Multi.Generic ) - warning
13:12:47.0707 7320	BVRPMPR5 - detected UnsignedFile.Multi.Generic (1)
13:12:47.0863 7320	catchme - ok
13:12:47.0910 7320	cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13:12:48.0410 7320	cbidf - ok
13:12:48.0426 7320	cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
13:12:48.0848 7320	cbidf2k - ok
13:12:48.0895 7320	CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
13:12:49.0754 7320	CCDECODE - ok
13:12:49.0754 7320	cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
13:12:50.0066 7320	cd20xrnt - ok
13:12:50.0129 7320	Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
13:12:50.0613 7320	Cdaudio - ok
13:12:50.0629 7320	Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
13:12:51.0519 7320	Cdfs - ok
13:12:51.0535 7320	Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:12:52.0426 7320	Cdrom - ok
13:12:52.0426 7320	Changer - ok
13:12:52.0457 7320	CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
13:12:53.0379 7320	CiSvc - ok
13:12:53.0410 7320	ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
13:12:54.0301 7320	ClipSrv - ok
13:12:54.0379 7320	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:12:54.0441 7320	clr_optimization_v2.0.50727_32 - ok
13:12:54.0504 7320	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:12:54.0551 7320	clr_optimization_v4.0.30319_32 - ok
13:12:54.0598 7320	CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
13:12:55.0035 7320	CmdIde - ok
13:12:55.0051 7320	COMSysApp - ok
13:12:55.0066 7320	Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
13:12:55.0535 7320	Cpqarray - ok
13:12:55.0566 7320	Creative Service for CDROM Access (3c8b6609712f4ff78e521f6dcfc4032b) C:\WINDOWS\system32\CTsvcCDA.EXE
13:12:55.0644 7320	Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - warning
13:12:55.0644 7320	Creative Service for CDROM Access - detected UnsignedFile.Multi.Generic (1)
13:12:55.0676 7320	CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
13:12:56.0582 7320	CryptSvc - ok
13:12:56.0598 7320	dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
13:12:57.0051 7320	dac2w2k - ok
13:12:57.0066 7320	dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
13:12:57.0582 7320	dac960nt - ok
13:12:57.0644 7320	DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
13:12:57.0801 7320	DcomLaunch - ok
13:12:57.0832 7320	DFUBTUSB (d21dab2d7f1a1dc0f1fb957b8b0a4207) C:\WINDOWS\system32\Drivers\frmupgr.sys
13:12:57.0910 7320	DFUBTUSB ( UnsignedFile.Multi.Generic ) - warning
13:12:57.0910 7320	DFUBTUSB - detected UnsignedFile.Multi.Generic (1)
13:12:57.0957 7320	Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
13:12:58.0801 7320	Dhcp - ok
13:12:58.0847 7320	Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
13:12:59.0707 7320	Disk - ok
13:12:59.0738 7320	dmadmin - ok
13:12:59.0769 7320	dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
13:13:00.0707 7320	dmboot - ok
13:13:00.0722 7320	dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
13:13:01.0551 7320	dmio - ok
13:13:01.0566 7320	dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
13:13:01.0972 7320	dmload - ok
13:13:02.0035 7320	dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
13:13:02.0926 7320	dmserver - ok
13:13:02.0988 7320	DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
13:13:03.0816 7320	DMusic - ok
13:13:03.0847 7320	Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
13:13:04.0066 7320	Dnscache - ok
13:13:04.0082 7320	Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
13:13:04.0925 7320	Dot3svc - ok
13:13:04.0957 7320	dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
13:13:05.0394 7320	dpti2o - ok
13:13:05.0410 7320	drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
13:13:06.0285 7320	drmkaud - ok
13:13:06.0316 7320	e1express (34aaa3b298a852b3663e6e0d94d12945) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
13:13:06.0379 7320	e1express - ok
13:13:06.0394 7320	EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
13:13:07.0300 7320	EapHost - ok
13:13:07.0332 7320	ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
13:13:08.0207 7320	ERSvc - ok
13:13:08.0254 7320	Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
13:13:08.0363 7320	Eventlog - ok
13:13:08.0410 7320	EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
13:13:08.0519 7320	EventSystem - ok
13:13:08.0582 7320	Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
13:13:09.0394 7320	Fastfat - ok
13:13:09.0441 7320	FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
13:13:09.0597 7320	FastUserSwitchingCompatibility - ok
13:13:09.0644 7320	Fax (e97d6a8684466df94ff3bc24fb787a07) C:\WINDOWS\system32\fxssvc.exe
13:13:10.0550 7320	Fax - ok
13:13:10.0613 7320	Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
13:13:11.0519 7320	Fdc - ok
13:13:11.0535 7320	Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
13:13:12.0441 7320	Fips - ok
13:13:12.0535 7320	FLEXnet Licensing Service (d60ef46dc0e757fe5eb579db95b88954) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:13:12.0675 7320	FLEXnet Licensing Service - ok
13:13:12.0738 7320	FlipShare Service (e6ba1ceb107ad2663554942a3b090b43) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
13:13:12.0847 7320	FlipShare Service - ok
13:13:12.0878 7320	Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
13:13:13.0769 7320	Flpydisk - ok
13:13:13.0785 7320	FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:13:14.0660 7320	FltMgr - ok
13:13:14.0707 7320	FlyUsb (8efa9bfc940d9eb9348d9dafb839fe25) C:\WINDOWS\system32\DRIVERS\FlyUsb.sys
13:13:14.0832 7320	FlyUsb - ok
13:13:14.0894 7320	FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:13:14.0910 7320	FontCache3.0.0.0 - ok
13:13:14.0925 7320	Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:13:15.0472 7320	Fs_Rec - ok
13:13:15.0503 7320	Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:13:15.0941 7320	Ftdisk - ok
13:13:16.0003 7320	GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
13:13:16.0050 7320	GEARAspiWDM - ok
13:13:16.0128 7320	GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
13:13:16.0191 7320	GoToAssist - ok
13:13:16.0207 7320	Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:13:17.0113 7320	Gpc - ok
13:13:17.0206 7320	gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:13:17.0269 7320	gupdate - ok
13:13:17.0269 7320	gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
13:13:17.0316 7320	gupdatem - ok
13:13:17.0347 7320	gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
13:13:17.0410 7320	gusvc - ok
13:13:17.0425 7320	HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:13:18.0253 7320	HDAudBus - ok
13:13:18.0300 7320	helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:13:19.0331 7320	helpsvc - ok
13:13:19.0363 7320	HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
13:13:20.0238 7320	HidServ - ok
13:13:20.0300 7320	hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:13:21.0128 7320	hidusb - ok
13:13:21.0160 7320	hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
13:13:22.0035 7320	hkmsvc - ok
13:13:22.0066 7320	hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
13:13:22.0535 7320	hpn - ok
13:13:22.0566 7320	HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
13:13:22.0675 7320	HPZid412 - ok
13:13:22.0691 7320	HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
13:13:22.0863 7320	HPZipr12 - ok
13:13:22.0894 7320	HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
13:13:23.0019 7320	HPZius12 - ok
13:13:23.0081 7320	HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
13:13:23.0191 7320	HTTP - ok
13:13:23.0253 7320	HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
13:13:23.0519 7320	HTTPFilter - ok
13:13:23.0566 7320	i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
13:13:23.0659 7320	i2omgmt - ok
13:13:23.0675 7320	i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
13:13:23.0800 7320	i2omp - ok
13:13:23.0941 7320	ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
13:13:24.0347 7320	ialm - ok
13:13:24.0472 7320	iaStor (997e8f5939f2d12cd9f2e6b395724c16) C:\WINDOWS\system32\drivers\iaStor.sys
13:13:24.0503 7320	iaStor - ok
13:13:24.0628 7320	IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:13:24.0706 7320	IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:13:24.0706 7320	IDriverT - detected UnsignedFile.Multi.Generic (1)
13:13:24.0831 7320	idsvc (c01ac32dc5c03076cfb852cb5da5229c) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:13:24.0988 7320	idsvc - ok
13:13:25.0034 7320	Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
13:13:25.0941 7320	Imapi - ok
13:13:25.0972 7320	ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
13:13:26.0863 7320	ImapiService - ok
13:13:26.0894 7320	ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
13:13:27.0300 7320	ini910u - ok
13:13:27.0425 7320	IntcAzAudAddService (17bbbabb21f86b650b2626045a9d016c) C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:13:27.0831 7320	IntcAzAudAddService - ok
13:13:27.0878 7320	IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
13:13:28.0800 7320	IntelIde - ok
13:13:28.0847 7320	intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
13:13:29.0738 7320	intelppm - ok
13:13:29.0769 7320	Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:13:30.0644 7320	Ip6Fw - ok
13:13:30.0675 7320	IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:13:31.0097 7320	IpFilterDriver - ok
13:13:31.0112 7320	IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:13:31.0987 7320	IpInIp - ok
13:13:32.0019 7320	IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:13:32.0941 7320	IpNat - ok
13:13:33.0003 7320	iPod Service (49918803b661367023bf325cf602afdc) C:\Program Files\iPod\bin\iPodService.exe
13:13:33.0112 7320	iPod Service - ok
13:13:33.0128 7320	IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:13:34.0034 7320	IPSec - ok
13:13:34.0034 7320	IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
13:13:34.0800 7320	IRENUM - ok
13:13:34.0847 7320	isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:13:35.0722 7320	isapnp - ok
13:13:35.0784 7320	JavaQuickStarterService (5e06a9d23727daf96faa796f1135fdcd) C:\Program Files\Java\jre6\bin\jqs.exe
13:13:35.0894 7320	JavaQuickStarterService - ok
13:13:35.0925 7320	Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:13:36.0784 7320	Kbdclass - ok
13:13:36.0800 7320	kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:13:37.0675 7320	kbdhid - ok
13:13:37.0706 7320	kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
13:13:38.0581 7320	kmixer - ok
13:13:38.0612 7320	km_filter (097ba59ba201c9270a704cc04670b553) C:\WINDOWS\system32\drivers\km_filter.sys
13:13:38.0690 7320	km_filter ( UnsignedFile.Multi.Generic ) - warning
13:13:38.0690 7320	km_filter - detected UnsignedFile.Multi.Generic (1)
13:13:38.0737 7320	KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
13:13:38.0909 7320	KSecDD - ok
13:13:38.0956 7320	LanmanServer (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
13:13:39.0112 7320	LanmanServer - ok
13:13:39.0159 7320	lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
13:13:39.0331 7320	lanmanworkstation - ok
13:13:39.0378 7320	Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys
13:13:39.0456 7320	Lbd - ok
13:13:39.0472 7320	lbrtfdc - ok
13:13:39.0659 7320	LeapFrog Connect Device Service (24a7d535bd9e58e5bc1ac52ef7e2ec8e) C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
13:13:40.0050 7320	LeapFrog Connect Device Service - ok
13:13:40.0097 7320	LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
13:13:41.0034 7320	LmHosts - ok
13:13:41.0128 7320	McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe
13:13:41.0315 7320	McciCMService ( UnsignedFile.Multi.Generic ) - warning
13:13:41.0315 7320	McciCMService - detected UnsignedFile.Multi.Generic (1)
13:13:41.0394 7320	MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
13:13:41.0565 7320	MDM - ok
13:13:41.0581 7320	Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
13:13:42.0440 7320	Messenger - ok
13:13:42.0487 7320	mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
13:13:42.0894 7320	mnmdd - ok
13:13:42.0940 7320	mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
13:13:43.0862 7320	mnmsrvc - ok
13:13:43.0893 7320	Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
13:13:44.0784 7320	Modem - ok
13:13:44.0831 7320	Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:13:45.0690 7320	Mouclass - ok
13:13:45.0722 7320	mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:13:46.0143 7320	mouhid - ok
13:13:46.0175 7320	MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
13:13:47.0050 7320	MountMgr - ok
13:13:47.0081 7320	MpFilter (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
13:13:47.0143 7320	MpFilter - ok
13:13:47.0268 7320	MpKsl7f246045 (a69630d039c38018689190234f866d77) c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{58692E6C-EF0E-4D92-AF06-FF73020BA7D6}\MpKsl7f246045.sys
13:13:47.0315 7320	MpKsl7f246045 - ok
13:13:47.0362 7320	MR97310_USB_DUAL_CAMERA (2d5990203cb98b7dfd13d73d71c48028) C:\WINDOWS\system32\DRIVERS\mr97310c.sys
13:13:47.0472 7320	MR97310_USB_DUAL_CAMERA - ok
13:13:47.0503 7320	mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
13:13:47.0956 7320	mraid35x - ok
13:13:48.0050 7320	MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
13:13:48.0143 7320	MREMP50 ( UnsignedFile.Multi.Generic ) - warning
13:13:48.0143 7320	MREMP50 - detected UnsignedFile.Multi.Generic (1)
13:13:48.0175 7320	MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
13:13:48.0222 7320	MRESP50 ( UnsignedFile.Multi.Generic ) - warning
13:13:48.0222 7320	MRESP50 - detected UnsignedFile.Multi.Generic (1)
13:13:48.0268 7320	MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:13:49.0097 7320	MRxDAV - ok
13:13:49.0159 7320	MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:13:49.0268 7320	MRxSmb - ok
13:13:49.0315 7320	MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\system32\msdtc.exe
13:13:50.0175 7320	MSDTC - ok
13:13:50.0190 7320	Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
13:13:51.0065 7320	Msfs - ok
13:13:51.0081 7320	MSIServer - ok
13:13:51.0112 7320	MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:13:52.0034 7320	MSKSSRV - ok
13:13:52.0175 7320	MsMpSvc (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
13:13:52.0206 7320	MsMpSvc - ok
13:13:52.0237 7320	MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:13:53.0081 7320	MSPCLOCK - ok
13:13:53.0096 7320	MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
13:13:53.0893 7320	MSPQM - ok
13:13:53.0925 7320	mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:13:54.0721 7320	mssmbios - ok
13:13:54.0784 7320	MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
13:13:55.0581 7320	MSTEE - ok
13:13:55.0628 7320	Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
13:13:55.0737 7320	Mup - ok
13:13:55.0784 7320	NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
13:13:56.0596 7320	NABTSFEC - ok
13:13:56.0628 7320	napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
13:13:57.0534 7320	napagent - ok
13:13:57.0581 7320	NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
13:13:58.0503 7320	NDIS - ok
13:13:58.0549 7320	NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
13:13:59.0393 7320	NdisIP - ok
13:13:59.0440 7320	NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:13:59.0549 7320	NdisTapi - ok
13:13:59.0581 7320	Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:14:00.0471 7320	Ndisuio - ok
13:14:00.0487 7320	NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:14:01.0393 7320	NdisWan - ok
13:14:01.0440 7320	NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
13:14:01.0518 7320	NDProxy - ok
13:14:01.0565 7320	Netaapl (1352e1648213551923a0a822e441553c) C:\WINDOWS\system32\DRIVERS\netaapl.sys
13:14:01.0659 7320	Netaapl - ok
13:14:01.0674 7320	NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
13:14:02.0518 7320	NetBIOS - ok
13:14:02.0534 7320	NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
13:14:03.0424 7320	NetBT - ok
13:14:03.0456 7320	NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:14:04.0393 7320	NetDDE - ok
13:14:04.0393 7320	NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
13:14:05.0534 7320	NetDDEdsdm - ok
13:14:05.0565 7320	Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
13:14:06.0424 7320	Netlogon - ok
13:14:06.0456 7320	Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
13:14:07.0362 7320	Netman - ok
13:14:07.0440 7320	NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:14:07.0471 7320	NetTcpPortSharing - ok
13:14:07.0518 7320	NielGfx (dc810d3a9c6ffa0d265776b72fe82cd1) C:\WINDOWS\system32\drivers\nielgfx.sys
13:14:07.0596 7320	NielGfx - ok
13:15:35.0954 7320	MBR (0x1B8) (e9f67288208d53ef770f82e186904857) \Device\Harddisk0\DR0
13:15:35.0985 7320	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:15:35.0985 7320	\Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:15:36.0032 7320	\Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:15:36.0032 7320	\Device\Harddisk0\DR0 - detected TDSS File System (1)
13:15:36.0048 7320	Boot (0x1200) (b4540bdf3909fa9bb540482b28ca3c25) \Device\Harddisk0\DR0\Partition0
13:15:36.0063 7320	\Device\Harddisk0\DR0\Partition0 - ok
13:15:36.0063 7320	============================================================
13:15:36.0063 7320	Scan finished
13:15:36.0063 7320	============================================================
13:15:36.0204 4028	Detected object count: 21
13:15:36.0204 4028	Actual detected object count: 21
13:15:59.0641 4028	Akamai ( HiddenFile.Multi.Generic ) - skipped by user
13:15:59.0641 4028	Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip 
13:15:59.0641 4028	ATHFMWDL ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0641 4028	ATHFMWDL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0641 4028	Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0641 4028	Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0641 4028	Autodesk Network Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0641 4028	Autodesk Network Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0641 4028	btwmodem ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0641 4028	btwmodem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0657 4028	BVRPMPR5 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0657 4028	BVRPMPR5 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0657 4028	Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0657 4028	Creative Service for CDROM Access ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0657 4028	DFUBTUSB ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0657 4028	DFUBTUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0657 4028	IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0657 4028	IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0657 4028	km_filter ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0657 4028	km_filter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0657 4028	McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0657 4028	McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0657 4028	MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0657 4028	MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0657 4028	MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0657 4028	MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0672 4028	nnrnstdi ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0672 4028	nnrnstdi ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0672 4028	PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0672 4028	PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0672 4028	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0672 4028	Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0672 4028	SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0672 4028	SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0672 4028	tclondrv ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0672 4028	tclondrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0672 4028	Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0672 4028	Viewpoint Manager Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
13:15:59.0750 4028	\Device\Harddisk0\DR0\# - copied to quarantine
13:15:59.0782 4028	\Device\Harddisk0\DR0 - copied to quarantine
13:16:00.0313 4028	\Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
13:16:00.0344 4028	\Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:16:00.0563 4028	\Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
13:16:00.0703 4028	\Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:16:00.0813 4028	\Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:16:01.0141 4028	\Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
13:16:03.0438 4028	\Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
13:16:03.0594 4028	\Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
13:16:03.0610 4028	\Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
13:16:03.0610 4028	\Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
13:16:03.0625 4028	\Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
13:16:03.0672 4028	\Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
13:16:03.0735 4028	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:16:03.0735 4028	\Device\Harddisk0\DR0 - ok
13:16:03.0813 4028	\Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure 
13:16:03.0813 4028	\Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:16:03.0813 4028	\Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 
13:18:07.0685 3164	Deinitialize success


----------



## kevinf80 (Mar 21, 2006)

Yes, you took the correct action. Once TDSSKiller had removed the rootkit, the rest of the infection was easy meat for MSE.

I'd like you to do a full scan with MSE; we need to confirm there are no remnants of the original infection. When MSE completes, run TDSSKiller again. When you see the following entry:

*\Device\Harddisk0\DR0 ( TDSS File System )* select *Delete*. That is an inert remnant, but it is better off your system.

When all of that is finished run this:

Download Security Check by screen317 from *HERE* or *HERE*.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

That will give an overview of your security and the status of Java, Adobe, etc....

I've got to go out but will catch up later, maybe 3 to 4 hours....

Kevin
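
Added example, not part of the thread and not TDSSKiller's own code: a small Python parser for the line formats visible in the TDSSKiller log above, pairing each detection with the action the user chose and listing what still needs follow-up (the pending cure and the skipped "TDSS File System" entry). Treating `*.Multi.Generic` verdicts as low priority is an assumption of this example, and the sample lines are taken in the format of that log.

```python
import re

# Sample lines in the format of the TDSSKiller log posted above:
# timestamp, thread id, then "<object> ( <verdict> ) - <status>".
SAMPLE_LOG = r"""
13:14:18.0768 7320 PfModNT ( UnsignedFile.Multi.Generic ) - warning
13:14:18.0768 7320 PfModNT - detected UnsignedFile.Multi.Generic (1)
13:15:35.0985 7320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
13:15:35.0985 7320 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
13:15:36.0032 7320 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
13:15:36.0032 7320 \Device\Harddisk0\DR0 - detected TDSS File System (1)
13:15:36.0063 7320 \Device\Harddisk0\DR0\Partition0 - ok
13:15:59.0672 4028 PfModNT ( UnsignedFile.Multi.Generic ) - skipped by user
13:15:59.0672 4028 PfModNT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:16:03.0735 4028 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
13:16:03.0813 4028 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
13:16:03.0813 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
13:16:03.0813 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Only lines that carry a verdict in "( ... )" followed by " - <status>" match.
# Plain "<service> (md5) path", "<object> - ok" and "- detected" lines do not.
LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
    r"(?P<obj>.+?) \( (?P<verdict>.+?) \) - (?P<status>.+)$"
)
ACTION_PREFIX = "User select action:"


def parse_findings(log_text):
    """Return {(object, verdict): record} in order of first appearance."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        key = (m["obj"], m["verdict"])
        rec = findings.setdefault(
            key, {"severity": None, "action": None, "pending_reboot": False}
        )
        status = m["status"].strip()
        if status in ("warning", "infected"):
            rec["severity"] = status
        elif status.startswith(ACTION_PREFIX):
            rec["action"] = status[len(ACTION_PREFIX):].strip()
        elif status == "will be cured on reboot":
            rec["pending_reboot"] = True
    return findings


def triage(findings):
    """List the findings that still need attention after this run."""
    follow_up = []
    for (obj, verdict), rec in findings.items():
        # Assumption of this example: generic heuristic verdicts
        # (unsigned or hidden files) are low priority once reviewed.
        generic = verdict.endswith(".Multi.Generic")
        if rec["pending_reboot"]:
            follow_up.append((obj, verdict, "reboot, then rescan to confirm the cure"))
        elif rec["action"] in (None, "Skip") and not generic:
            follow_up.append((obj, verdict, "named detection left in place; handle on next scan"))
    return follow_up


if __name__ == "__main__":
    for obj, verdict, note in triage(parse_findings(SAMPLE_LOG)):
        print(f"{obj}  [{verdict}]  ->  {note}")
```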


----------



## flavallee (May 12, 2002)

chickie225 said:


> Dell Inspiron 530S
> Pentium(R) Dual-Core CPU
> E5200 @ *2.50 GHz*
> *1.60 GHz*, 2.99 GB of RAM
> Physical Address Extension


One reason for the slowness problem is that the processor is rated at 2.50 GHz, but it's running at only 1.60 GHz - about 64% of its rated speed.

Go to Control Panel - Power Options, then change the power scheme to *Always On*, then click Apply - OK, then restart the computer.

Send me the new *Computer:* information so we can confirm the processor is running at or near its rated speed now.

--------------------------------------------------------



chickie225 said:


> I uninstalled all listed except uTorrent because I use that often


What do you use *uTorrent* often for?

--------------------------------------------------------

Kevin is here to assist you, so you're in good hands. :up:

--------------------------------------------------------


----------



## chickie225 (Sep 18, 2007)

Sorry that took so long!! MSE took 6 hours to complete the full scan, but it said everything was fine. I did what you said and deleted that file and MSE popped up again with the same virus notices as before. I followed the prompts again. Here is the other log you asked for:

Results of screen317's Security Check version 0.99.32 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
AVG 2011 
Microsoft Security Essentials 
Antivirus up to date! 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
Ad-Aware 
SpywareBlaster 4.4 
HijackThis 2.0.2 
Java(TM) 6 Update 24 
*Java version out of date!* 
Adobe Flash Player 11.1.102.63 
Adobe Reader 9 *Adobe Reader out of date!* 
Mozilla Firefox (3.6.22) *Firefox out of Date!* 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Windows Defender MSMpEng.exe 
*Ad-Aware AAWService.exe is disabled!* 
*Ad-Aware AAWTray.exe is disabled!* 
Microsoft Security Essentials msseces.exe 
Microsoft Security Client Antimalware MsMpEng.exe 
NetRatingsNetSight NetSight NielsenOnline.exe 
*``````````End of Log````````````*


----------



## chickie225 (Sep 18, 2007)

When I went to Add or Remove Programs, Ad-Aware is *still* there. I tried to uninstall it again, and it appeared to go away. I restarted as prompted, but it's back again. AVG isn't listed on there at all.

Updated info:
Dell Inspiron 530S
Pentium(R) Dual-Core CPU
E5200 @ 2.50GHz
2.49 GHz, 2.99 GB of RAM
Physical Address Extension

(yay!)

I use uTorrent to download books and printables for my 8yo homeschooler.


----------



## kevinf80 (Mar 21, 2006)

Hiya chickie225,

Thanks for the update, do the following:

*Step 1*

Use the following tool to scan for and remove Ad-Aware and AVG, make sure to read the instructions from the second link...

Download AppRemover from *Here* and save it to your Desktop. Use the instructions from the following link to run the tool.

Instructions for running the tool are available *Here*. Please read them before running the tool.

*Step 2*

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

Please go to the link below to update.

*Adobe Reader*. Untick the Free McAfee® Security Scan Plus (optional).

*Step 3*

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. 
For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. 
The most current version of Sun Java is: Java Runtime Environment Version 6 Update 31.


 Go to *Sun Java*
 Select *Windows 7/XP/Vista/2000/2003/2008*. If using a 64-bit OS, select *Information about the 64-bit Java plug-in* and follow the prompts.
 Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
 Reboot your computer

*Step 4*

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

 Save any open work. TFC will close all open application windows.
 Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select "Run as Administrator"
 If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important *

Keep TFC; it is an excellent utility to keep your system optimized. It empties all user temp folders, Java cache, etc. *Always remember to re-boot after a run, even if not prompted*

*Step 5*

Please download *Malwarebytes* Anti-Malware and save it to your desktop.
*Alternative D/L mirror*
*Alternative D/L mirror*

Double Click mbam-setup.exe to install the application.

 Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
 If an update is found, it will download and install the latest version.
 Once the program has loaded, select "Perform Quick Scan", then click Scan.
 The scan may take some time to finish, so please be patient.
 When the scan is complete, click OK, then Show Results to view the results.
 Make sure that everything is checked, and click Remove Selected.
 When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
 Please save the log to a location you will remember.
 The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
 Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Let me know if all of the above steps completed OK. Post the log from Malwarebytes. I recommend you keep MB; it is an excellent tool to have in your security arsenal. The free version does not give "realtime" protection but can be used for stand-alone scans. Always remember to update first....

Also let me know if you have any remaining issues or concerns.... One other point: if you use Firefox, make sure to update to the current version. You can get it here http://www.filehippo.com/download_firefox/ Do not d/l beta version 12; get the stable version 11.0, you'll see it in the right-hand pane...

Kevin


----------



## chickie225 (Sep 18, 2007)

1. I followed all the steps, but neither AVG nor AdAware showed up on the list. I even clicked on the arrow that generated a larger list. The only thing that popped up on the first list was MSE.

2. I thought I updated Adobe Reader a couple of weeks ago, so when that log showed it was out of date, I went to it, clicked on update, and it showed that it was current. I used the link you provided, same thing.

3. Updated Java and rebooted.

Please advise me on what to do next. I didn't complete the last couple of steps in case I just have to do them again anyway. Thanks for all your help!!


----------



## flavallee (May 12, 2002)

chickie225 said:


> Dell Inspiron 530S
> Pentium(R) Dual-Core CPU
> E5200 @ *2.50 GHz*
> *2.49 GHz*, 2.99 GB of RAM
> Physical Address Extension


The processor is now running at its rated speed. :up:

----------------------------------------------------------

That bloated startup load needs to be trimmed down, but that can wait for now.

----------------------------------------------------------


----------



## kevinf80 (Mar 21, 2006)

Download *OTL* to your desktop.
*Alternative Link 1*
*Alternative Link 2*
*Alternative Link 3*

Double click the icon to start the tool. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).

	Please check the boxes next to "LOP check" and "Purity check"
	Click *Run Scan* and let the program run uninterrupted.
	When the scan is complete, two text files will be created on your Desktop.
	*OTL.Txt* <- this one will be opened
	*Extras.txt* <- this one will be minimized

Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of *OTL.Txt* and the *Extras.txt* in your next reply.


----------



## chickie225 (Sep 18, 2007)

Good grief, I just saw this post. I somehow didn't get the notification, and I thought you took the weekend off.

OTL logfile created on: 3/26/2012 12:39:04 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Jennifer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 75.83% Memory free
4.83 Gb Paging File | 4.31 Gb Available in Paging File | 89.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 99.95 Gb Free Space | 33.54% Space Free | Partition Type: NTFS

Computer Name: NAPIER | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/26 12:37:35 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer\Desktop\OTL.com
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2011/09/01 09:29:04 | 001,408,872 | ---- | M] (Garmin) -- C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/05/03 19:46:26 | 000,306,496 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/11/19 14:38:08 | 000,193,880 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
PRC - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
PRC - [2010/11/11 10:52:48 | 002,287,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe
PRC - [2009/10/30 12:52:52 | 000,047,456 | ---- | M] (The Nielsen Company) -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe
PRC - [2009/08/19 10:09:40 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/10/04 13:58:02 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/07/17 11:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/07/15 16:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe
PRC - [2004/12/02 18:23:34 | 000,102,400 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
PRC - [2004/02/26 01:17:56 | 000,176,128 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe

========== Modules (No Company Name) ==========

MOD - [2012/02/09 20:10:38 | 003,340,064 | ---- | M] () -- c:\Program Files\Common Files\Akamai\netsession_win_7de0ed9.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/13 03:11:14 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll
MOD - [2011/10/13 03:11:06 | 007,950,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll
MOD - [2011/10/13 03:10:53 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/10/13 03:07:40 | 000,391,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\1faca3f09472860e010689b67c68a327\System.Xml.Linq.ni.dll
MOD - [2011/10/13 03:07:39 | 001,781,760 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xaml\4185130eda1d7a5e0e0474e72343570b\System.Xaml.ni.dll
MOD - [2011/10/13 03:04:18 | 017,671,168 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\63d537bacaab5416d09a2a3cdf6a3667\PresentationFramework.ni.dll
MOD - [2011/10/13 03:04:00 | 000,656,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\61aa640996b77695572adefea8fd36b7\PresentationFramework.Luna.ni.dll
MOD - [2011/10/13 03:03:58 | 011,106,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PresentationCore\75f3656725581b2c90785755775bdf48\PresentationCore.ni.dll
MOD - [2011/10/13 03:03:57 | 013,137,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f2a34f1fb98ab9e8a76a22e132e18b21\System.Windows.Forms.ni.dll
MOD - [2011/10/13 03:03:48 | 001,652,736 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\c04dcef499114715d2a222c01ea6b227\System.Drawing.ni.dll
MOD - [2011/10/13 03:03:44 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a401952384c24581989cdc85270f3d9d\System.Xml.ni.dll
MOD - [2011/10/13 03:03:43 | 007,054,336 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\52598abacb89081ab248f435d9dabdf4\System.Core.ni.dll
MOD - [2011/10/13 03:03:40 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\cb7cfe8f0e8532f6381c22bf719a95dc\System.Configuration.ni.dll
MOD - [2011/10/13 03:03:39 | 003,798,016 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\WindowsBase\6e1c62ce679c8157560c7593c066cd85\WindowsBase.ni.dll
MOD - [2011/10/13 03:03:31 | 009,085,952 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\af709611f9ffff0544b1d750303c4afa\System.ni.dll
MOD - [2011/10/13 03:03:24 | 014,407,680 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\52f4f785f7cf45a64606a8e13c8cf04c\mscorlib.ni.dll
MOD - [2011/05/03 19:41:32 | 000,247,296 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\nsmmc.dll
MOD - [2010/11/11 10:52:48 | 002,287,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe
MOD - [2010/10/04 17:55:30 | 000,264,704 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter9\npwmi.dll
MOD - [2010/10/04 17:55:14 | 000,292,864 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter9\npsurvey.dll
MOD - [2010/10/04 17:55:04 | 000,184,320 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter9\npsp1.dll
MOD - [2010/10/04 17:48:26 | 000,485,376 | ---- | M] () -- C:\Program Files\NetRatingsNetSight\NetSight\meter9\communication.dll
MOD - [2010/01/31 23:52:12 | 008,347,648 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll
MOD - [2010/01/31 23:52:12 | 002,244,608 | ---- | M] () -- C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll
MOD - [2009/08/19 10:09:40 | 000,451,904 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
MOD - [2009/08/19 10:05:50 | 001,581,056 | ---- | M] () -- C:\Program Files\Flip Video\FlipShare\QtCore4.dll
MOD - [2008/04/14 07:00:00 | 000,355,112 | ---- | M] () -- C:\WINDOWS\system32\msjetoledb40.dll
MOD - [2007/07/17 11:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
MOD - [2007/02/07 16:51:20 | 000,188,416 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncRs.crl
MOD - [2004/02/26 01:18:04 | 000,565,248 | R--- | M] () -- C:\WINDOWS\system32\hpotscl.dll

========== Win32 Services (SafeList) ==========

SRV - [2012/02/09 20:10:38 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2011/05/03 19:46:26 | 000,306,496 | ---- | M] (The Nielsen Company) [Auto | Running] -- C:\Program Files\NetRatingsNetSight\NetSight\NielsenUpdate.exe -- (NielsenUpdate)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/11/19 14:29:00 | 004,916,568 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)
SRV - [2010/07/06 14:54:40 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/29 18:26:05 | 000,079,360 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/19 10:09:40 | 000,451,904 | ---- | M] () [Auto | Running] -- C:\Program Files\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2009/02/03 20:32:41 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/04 13:58:04 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008/06/05 23:41:12 | 001,322,648 | ---- | M] (Autodesk, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe -- (Autodesk Network Licensing Service)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Jennifer\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\btwusb.sys -- (BTWUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btwdndis.sys -- (BTWDNDIS)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btkrnl.sys -- (BTKRNL)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\btport.sys -- (BTDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\btaudio.sys -- (btaudio)
DRV - [2011/08/02 18:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/12/03 04:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2010/07/21 09:00:00 | 000,020,352 | ---- | M] (TuneClone Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\tclondrv.sys -- (tclondrv)
DRV - [2010/05/26 21:21:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/05/26 21:20:34 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2009/12/29 15:10:04 | 000,009,088 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nielgfx.sys -- (NielGfx)
DRV - [2009/12/29 15:09:44 | 000,024,192 | ---- | M] (The Nielsen Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nielprt.sys -- (nielprt)
DRV - [2009/12/29 15:08:04 | 000,015,360 | ---- | M] (The Nielsen Company) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\nnrnstdi.sys -- (nnrnstdi)
DRV - [2009/12/29 15:08:02 | 000,010,368 | ---- | M] (The Nielsen Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\km_filter.sys -- (km_filter)
DRV - [2009/09/30 21:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2008/04/01 14:33:16 | 000,018,560 | ---- | M] (LeapFrog) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FlyUsb.sys -- (FlyUsb)
DRV - [2007/07/16 21:48:54 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/05/02 13:38:42 | 000,110,720 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2005/07/26 15:32:14 | 000,348,352 | ---- | M] (D-Link Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2005/07/07 15:01:36 | 000,030,189 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem)
DRV - [2005/07/07 15:01:20 | 000,017,516 | R--- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2005/03/15 20:11:00 | 000,043,392 | R--- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL)
DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090204
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2090204
IE - HKLM\..\SearchScopes,DefaultScope = {5AA71A86-64D4-4B3C-B9F8-CDFEB1E4586C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm003W2us&ptb=C6C3A8FC-C383-48EC-BC33-FF39669A9E05&ind=2011111619&ptnrS=RGxdm003W2us&si=CK-Al7mxvKwCFZIDQAodOCAqqw&n=77df20c3&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{5AA71A86-64D4-4B3C-B9F8-CDFEB1E4586C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {5AA71A86-64D4-4B3C-B9F8-CDFEB1E4586C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKCU\..\SearchScopes\{44C7E52F-4720-4D56-8052-F67677023468}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm003W2us&ptb=C6C3A8FC-C383-48EC-BC33-FF39669A9E05&ind=2011111619&ptnrS=RGxdm003W2us&si=CK-Al7mxvKwCFZIDQAodOCAqqw&n=77df20c3&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{5AA71A86-64D4-4B3C-B9F8-CDFEB1E4586C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{623D51CD-B4A7-4113-BF21-D249A3B655EC}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{68675C53-0ED7-4F4C-A670-7A8E3CD26C0A}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{70310E59-17F5-44A7-9C94-8BCED2A78E05}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80552&lng=en
IE - HKCU\..\SearchScopes\{CF850461-9BE6-4CE1-87E7-414D6AD693B9}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=EPC&o=2484&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=^A49&apn_dtid=^YYYYYY^YY^US&apn_uid=8295d542-c440-4368-816c-42274ad5aec3&apn_sauid=B8E35837-35EB-4F4A-8E96-5EFBA1CCBF03&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "bing"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}:1.9.0
FF - prefs.js..extensions.enabledItems: [email protected]:4.4.0.7
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2.1.98
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q="
FF - prefs.js..network.proxy.http: "88.224.81.176:8080"
FF - prefs.js..network.proxy.socks: "70.148.50.51:1080"
FF - prefs.js..network.proxy.socks_version: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.Retrogamer_2z.com/Plugin: C:\Program Files\Retrogamer_2zEI\Installr\3.bin\NP2zEISB.dll (Retrogamer)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\PROGRA~1\SONYON~1\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Documents and Settings\Jennifer\Application Data\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/06/11 08:49:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D908A1CC-54B4-4af9-9BB4-964F5BD3CDB7}: C:\Program Files\NetRatingsNetSight\NetSight\meter9\FFAddon\ [2012/03/19 05:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/24 07:19:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/24 07:52:55 | 000,000,000 | ---D | M]

[2009/03/12 20:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Extensions
[2012/03/24 07:11:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\84m4f9xb.default\extensions
[2010/07/20 13:41:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\84m4f9xb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/21 18:22:43 | 000,000,000 | ---D | M] (Oberon GamesBar) -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\84m4f9xb.default\extensions\[email protected]
[2011/12/05 13:28:56 | 000,000,000 | ---D | M] (EpicPlay Games) -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\84m4f9xb.default\extensions\[email protected]
[2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\84m4f9xb.default\searchplugins\askcom.xml
[2011/01/16 20:48:59 | 000,001,832 | ---- | M] () -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\84m4f9xb.default\searchplugins\bing.xml
[2009/03/19 17:12:34 | 000,002,158 | ---- | M] () -- C:\Documents and Settings\Jennifer\Application Data\Mozilla\Firefox\Profiles\84m4f9xb.default\searchplugins\MySpace.xml
[2012/03/24 07:19:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/11/16 19:20:52 | 000,000,000 | ---D | M] (GameTap) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
[2012/03/19 05:28:27 | 000,000,000 | ---D | M] (Nielsen) -- C:\PROGRAM FILES\NETRATINGSNETSIGHT\NETSIGHT\METER9\FFADDON
[2012/03/12 23:39:39 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/01/18 22:38:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/01/18 22:38:19 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol500.dll
[2011/03/17 17:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/24 07:05:18 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/17 17:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/21 18:23:11 | 000,002,064 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bingober4171515.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\Application\17.0.963.83\pdf.dll
CHR - plugin: NielsenOnline (Enabled) = C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.3.0_0\chrometracker.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
CHR - plugin: CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPcol500.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Documents and Settings\Jennifer\Application Data\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Free Realms Installer (Enabled) = C:\PROGRA~1\SONYON~1\npsoe.dll
CHR - plugin: Motive Plugin (Enabled) = C:\Program Files\Common Files\Motive\npMotive.dll
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll
CHR - plugin: Garmin Communicator Plug-In (Enabled) = C:\Program Files\Garmin GPS Plugin\npGarmin.dll
CHR - plugin: Retrogamer Installer Plugin Stub (Enabled) = C:\Program Files\Retrogamer_2zEI\Installr\3.bin\NP2zEISB.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\
CHR - Extension: Causality Games = C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\femoooemgmjaebeodbbikbkmhlafenpl\9_0\
CHR - Extension: Learn 2 Fly = C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\iimlhojpobfehmggmdiieenbnelkkdko\2.2.4_0\
CHR - Extension: Nielsen = C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.3.0_0\
CHR - Extension: Cargo Bridge = C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\keembkgclppcbilkekfgpobhldjjhpmn\1.5.7_0\
CHR - Extension: Nyan Cat = C:\Documents and Settings\Jennifer\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\neimpplmbdhflkfojgmplkgflkgmodpd\3.0_0\

O1 HOSTS File: ([2011/01/14 12:48:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\CouponsBar.dll (Coupons, Inc.)
O2 - BHO: (Reg Error: Value error.) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa1.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (WOT Helper) - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\17.0.963.83\npchrome_frame.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponsBar.dll (Coupons, Inc.)
O3 - HKLM\..\Toolbar: (WOT) - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponsBar.dll (Coupons, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WOT) - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NielsenOnline] C:\Program Files\NetRatingsNetSight\NetSight\NielsenOnline.exe (The Nielsen Company)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Jennifer\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Boxoft Tools] C:\Documents and Settings\All Users\Application Data\Boxtools\Boxofttoolbox.exe ()
O4 - HKCU..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - http://tbedits.retrogamer.com/one-t...A8FC-C383-48EC-BC33-FF39669A9E05&n=2011111619 File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jennifer\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} http://www.seehere.com/ips-opdata/layout/fujius02/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www.freerealms.com/gamedata/FreeRealmsInstaller.cab (SonyOnlineInstallerX)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {4F29DE54-5EB7-4D76-B610-A86B5CD2A234} Reg Error: Key error. (GameTap Player)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} https://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab (20-20 3D Viewer for WEB)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} http://www.arkansashighways.com/Road/acgm.cab (ActiveCGM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FDDEC41F-C8C1-48C5-BAAB-9F3B72AE0C56}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\17.0.963.83\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\inbox {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O18 - Protocol\Handler\wot {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Jennifer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jennifer\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/14 00:27:45 | 000,000,000 | ---D | M] - C:\autodesk -- [ NTFS ]
O32 - AutoRun File - [2008/04/25 16:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/26 12:37:33 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jennifer\Desktop\OTL.com
[2012/03/24 09:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Desktop\new projects
[2012/03/24 07:06:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/03/24 07:05:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/24 07:05:35 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/24 07:05:35 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/24 07:05:35 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/24 07:01:07 | 000,910,112 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Jennifer\Desktop\jre-6u31-windows-i586-iftw.exe
[2012/03/24 06:58:21 | 009,601,504 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Jennifer\Desktop\AppRemover.exe
[2012/03/23 13:15:59 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/03/23 13:10:55 | 002,066,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jennifer\Desktop\tdsskiller.exe
[2012/03/23 10:58:38 | 000,000,000 | -H-D | C] -- C:\BJPrinter
[2012/03/23 10:37:38 | 000,000,000 | ---D | C] -- C:\Data
[2012/03/22 21:17:53 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jennifer\Start Menu\Programs\Administrative Tools
[2012/03/22 21:15:19 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Jennifer\Desktop\dds.com
[2012/03/22 21:15:03 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe
[2012/03/22 21:14:42 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/03/22 21:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\HijackThis
[2012/03/22 01:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/03/21 20:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Desktop\The Simpsons Movie
[2012/03/21 20:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Desktop\VirtualDub-1.9.11
[2012/03/20 12:12:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\Image Zone Express
[2012/03/19 01:43:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\My Documents\Simply Super Software
[2012/03/18 18:08:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/03/18 18:07:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/03/18 15:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/03/18 15:38:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/03/16 01:14:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\redsn0w
[2012/03/16 01:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Desktop\redsn0w_win_0.9.10b5c
[2012/03/11 13:56:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\My Documents\Jessica's ****
[2012/03/08 21:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\SpeedyPC Software
[2012/03/08 21:51:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Application Data\DriverCure
[2012/03/08 21:50:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2012/03/04 17:38:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jennifer\Desktop\Pages to go through
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/26 12:37:35 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jennifer\Desktop\OTL.com
[2012/03/26 12:08:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/26 12:05:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/03/26 12:03:21 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/26 12:03:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/03/26 12:03:18 | 3209,871,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/26 11:51:00 | 000,000,990 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2521370338-3044359293-3588685089-1005UA.job
[2012/03/26 11:48:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/26 05:51:00 | 000,000,938 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2521370338-3044359293-3588685089-1005Core.job
[2012/03/26 02:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-NAPIER-Jennifer.job
[2012/03/24 07:53:02 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/24 07:05:17 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012/03/24 07:05:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012/03/24 07:05:17 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012/03/24 07:05:17 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012/03/24 07:05:16 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012/03/24 07:01:21 | 000,910,112 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Jennifer\Desktop\jre-6u31-windows-i586-iftw.exe
[2012/03/24 07:00:51 | 009,601,504 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Jennifer\Desktop\AppRemover.exe
[2012/03/24 01:49:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/03/23 21:36:14 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\prismShakeIcon.job
[2012/03/23 21:36:13 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\prismDowngrade.job
[2012/03/23 20:23:08 | 000,879,714 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\SecurityCheck.exe
[2012/03/23 19:25:28 | 000,011,869 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\****-you-mmqyer11-162336-530-316.jpg
[2012/03/23 19:18:21 | 000,062,425 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\23181-bef895-530-398.jpg
[2012/03/23 13:26:46 | 000,078,005 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\MSE.jpg
[2012/03/23 13:11:45 | 002,066,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jennifer\Desktop\tdsskiller.exe
[2012/03/23 12:36:43 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/23 11:09:24 | 000,000,434 | ---- | M] () -- C:\Program Files\0323201211092396.bat
[2012/03/23 10:31:45 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/03/22 21:16:37 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\1cemi2lk.exe
[2012/03/22 21:16:01 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Jennifer\Desktop\dds.com
[2012/03/22 21:15:32 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Jennifer\Desktop\HijackThis.exe
[2012/03/21 21:45:22 | 000,090,624 | ---- | M] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/21 20:29:27 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\expresszipShakeIcon.job
[2012/03/21 20:28:39 | 001,707,366 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\VirtualDub-1.9.11.zip
[2012/03/20 18:43:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/03/20 01:50:57 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/03/20 01:50:57 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/03/17 14:56:14 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\photostageDowngrade.job
[2012/03/16 02:49:46 | 000,265,488 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/03/16 01:13:34 | 014,830,232 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\redsn0w_win_0.9.10b5c.zip
[2012/03/15 19:07:52 | 000,078,700 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\j-animal-alphabet-letters-to-print.png
[2012/03/15 15:07:06 | 000,486,246 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/15 15:07:06 | 000,081,464 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/15 15:03:28 | 004,470,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/08 22:51:33 | 000,046,649 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\normal_color_mandala1.jpg
[2012/03/08 22:51:01 | 000,077,312 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\mandala-2.jpg
[2012/03/08 22:50:51 | 000,153,754 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\2188244035_c153628966.jpg
[2012/03/08 22:48:52 | 000,375,369 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\mandala-colouring-sheets-11.gif
[2012/03/08 22:48:03 | 000,064,701 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\mandala_sample.gif
[2012/03/08 22:37:53 | 000,086,910 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\free-mandala-designs-to-print-2.gif
[2012/03/08 22:37:40 | 000,089,310 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\free-mandala-designs-to-print.gif
[2012/02/29 15:28:46 | 005,896,577 | ---- | M] () -- C:\Documents and Settings\Jennifer\Desktop\March.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/24 07:53:00 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2012/03/24 07:52:58 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
[2012/03/24 07:19:33 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2012/03/23 20:20:37 | 000,879,714 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\SecurityCheck.exe
[2012/03/23 19:25:30 | 000,011,869 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\****-you-mmqyer11-162336-530-316.jpg
[2012/03/23 19:18:39 | 000,062,425 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\23181-bef895-530-398.jpg
[2012/03/23 13:26:46 | 000,078,005 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\MSE.jpg
[2012/03/23 11:17:13 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/03/23 11:09:24 | 000,000,434 | ---- | C] () -- C:\Program Files\0323201211092396.bat
[2012/03/22 21:15:47 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\1cemi2lk.exe
[2012/03/21 20:29:26 | 000,000,294 | ---- | C] () -- C:\WINDOWS\tasks\expresszipShakeIcon.job
[2012/03/21 20:27:52 | 001,707,366 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\VirtualDub-1.9.11.zip
[2012/03/18 15:40:06 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/03/16 01:09:55 | 014,830,232 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\redsn0w_win_0.9.10b5c.zip
[2012/03/15 19:07:57 | 000,078,700 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\j-animal-alphabet-letters-to-print.png
[2012/03/08 22:51:34 | 000,046,649 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\normal_color_mandala1.jpg
[2012/03/08 22:51:03 | 000,077,312 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\mandala-2.jpg
[2012/03/08 22:50:51 | 000,153,754 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\2188244035_c153628966.jpg
[2012/03/08 22:48:55 | 000,375,369 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\mandala-colouring-sheets-11.gif
[2012/03/08 22:48:05 | 000,064,701 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\mandala_sample.gif
[2012/03/08 22:37:54 | 000,086,910 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\free-mandala-designs-to-print-2.gif
[2012/03/08 22:37:47 | 000,089,310 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\free-mandala-designs-to-print.gif
[2012/02/29 15:28:44 | 005,896,577 | ---- | C] () -- C:\Documents and Settings\Jennifer\Desktop\March.pdf
[2012/02/18 22:43:39 | 000,012,998 | ---- | C] () -- C:\Documents and Settings\Jennifer\Application Data\Comma Separated Values (Windows).CAL
[2012/02/18 22:39:03 | 000,012,994 | ---- | C] () -- C:\Documents and Settings\Jennifer\Application Data\Comma Separated Values (DOS).CAL
[2011/12/30 20:26:49 | 000,013,170 | -HS- | C] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\741ru66sb76k56220310iewikt6t435enf3ef14241w
[2011/12/30 20:26:49 | 000,013,170 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\741ru66sb76k56220310iewikt6t435enf3ef14241w
[2011/10/01 00:50:50 | 000,113,461 | ---- | C] () -- C:\Documents and Settings\Jennifer\Application Data\PhotoStage.dmp
[2011/09/11 19:16:17 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011/09/08 06:30:53 | 001,925,638 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-2521370338-3044359293-3588685089-1005-0.dat
[2011/09/08 06:30:53 | 000,981,806 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/05/23 23:40:52 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Jennifer\Application Data\Adobe PNG Format CS5 Prefs
[2011/05/23 23:32:57 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Jennifer\Application Data\Adobe GIF Format CS5 Prefs
[2011/04/20 05:11:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/20 05:11:40 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/03/04 00:07:48 | 000,265,488 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/08/29 02:13:45 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Jennifer\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2010/08/13 03:34:40 | 000,580,096 | ---- | C] () -- C:\WINDOWS\System32\lame.exe
[2010/08/13 03:34:40 | 000,496,640 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/08/13 03:34:40 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\Mp3Ctrl.dll
[2010/08/13 03:34:40 | 000,131,176 | ---- | C] () -- C:\WINDOWS\System32\mp3gain.exe
[2010/08/13 03:34:40 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\akrip32.dll
[2010/08/11 02:18:06 | 000,075,776 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2010/08/02 02:02:35 | 000,001,727 | ---- | C] () -- C:\Documents and Settings\Jennifer\Application Data\simplemoneymanager.ini
[2010/07/21 13:50:27 | 000,000,094 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2010/07/08 23:36:15 | 007,509,752 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

========== LOP Check ==========

[2009/02/07 21:20:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/08/26 08:46:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2012/01/13 03:47:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2010/11/26 17:11:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/03/26 12:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Boxtools
[2010/11/26 17:26:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/07/20 13:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DigitalBlue
[2010/10/16 22:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Easy Photo Sorter
[2010/07/06 22:14:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2011/11/16 19:20:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameTap Web Player
[2011/11/12 19:56:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Garmin
[2010/12/19 01:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog
[2012/01/24 16:24:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 2600 Series
[2010/07/25 10:49:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MagicSoftware
[2010/11/26 17:08:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/03/23 11:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media
[2009/02/03 20:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC-Doctor
[2009/02/03 20:35:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCDr
[2011/11/08 17:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PearlMountainSoft
[2010/08/28 15:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/06/11 08:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/07/28 23:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScreenVCR
[2012/03/12 06:51:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2009/02/03 20:35:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2012/03/22 21:55:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/03/18 19:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneClone
[2009/02/03 20:32:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Uninstall
[2009/06/16 01:13:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/07/04 08:36:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Web Page Maker
[2010/09/10 20:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wondershare
[2012/03/23 20:29:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2010/11/07 03:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/24 19:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/02/07 21:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\acccore
[2012/03/23 10:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Amazon
[2011/03/27 15:20:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\AnvSoft
[2010/08/26 08:48:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Ashampoo
[2010/09/09 18:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Autodesk
[2010/11/26 17:42:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\AVG10
[2012/02/18 22:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Blackberry Desktop
[2011/01/18 22:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Catalina Marketing Corp
[2010/12/02 01:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/08/02 02:05:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
[2012/03/08 21:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\DriverCure
[2010/05/29 09:29:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\E-centives
[2010/01/20 20:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\eMusic
[2010/02/14 20:29:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Facebook
[2009/03/15 20:48:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\FUJIFILM
[2011/09/08 00:42:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Garmin
[2009/12/13 18:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\GetRightToGo
[2011/01/07 21:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Hasbro
[2012/03/20 12:12:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Image Zone Express
[2011/07/11 20:32:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Inbox Toolbar
[2011/07/17 10:43:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\KeePass
[2011/11/17 09:15:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\LEGO Company
[2010/08/19 13:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Magic Collage
[2011/03/25 08:02:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\mediAvatar
[2011/12/21 20:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Oberon Media
[2011/11/08 17:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\PearlMountainSoft
[2012/03/16 01:22:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\redsn0w
[2011/09/22 23:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Research In Motion
[2010/08/08 13:47:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\SecondLife
[2010/08/02 02:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Simple Money Manager
[2010/08/02 02:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Simple Money Manager Standard - GAOTD
[2012/03/08 21:51:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\SpeedyPC Software
[2010/09/04 00:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2009/12/29 10:04:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Template
[2012/03/26 07:48:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\uTorrent
[2009/02/26 23:47:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Viewpoint
[2010/07/04 08:38:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jennifer\Application Data\Web Page Maker
[2012/03/24 01:49:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/03/21 20:29:27 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\expresszipShakeIcon.job
[2012/03/26 12:08:23 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2012/03/17 14:56:14 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\photostageDowngrade.job
[2011/11/02 02:01:01 | 000,000,294 | ---- | M] () -- C:\WINDOWS\Tasks\photostageShakeIcon.job
[2012/03/23 21:36:13 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\prismDowngrade.job
[2012/03/23 21:36:14 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\prismShakeIcon.job
[2011/03/27 14:58:19 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\videopadDowngrade.job
[2011/04/02 14:58:01 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8405B4B0
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FDCA119

< End of report >

OTL Extras logfile created on: 3/26/2012 12:39:04 PM - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = C:\Documents and Settings\Jennifer\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.99 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 75.83% Memory free
4.83 Gb Paging File | 4.31 Gb Available in Paging File | 89.30% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.04 Gb Total Space | 99.95 Gb Free Space | 33.54% Space Free | Partition Type: NTFS

Computer Name: NAPIER | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1050:TCP" = 1050:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\SecondLifeViewer2\SLVoice.exe" = C:\Program Files\SecondLifeViewer2\SLVoice.exe:*:Enabled:SLVoice
"C:\Program Files\Autodesk\Backburner\monitor.exe" = C:\Program Files\Autodesk\Backburner\monitor.exe:*:Enabled:backburner 2.3 monitor -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\manager.exe" = C:\Program Files\Autodesk\Backburner\manager.exe:*:Enabled:backburner 2.3 manager -- (Autodesk, Inc.)
"C:\Program Files\Autodesk\Backburner\server.exe" = C:\Program Files\Autodesk\Backburner\server.exe:*:Enabled:backburner 2.3 server -- (Autodesk, Inc.)
"C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe" = C:\Program Files\LeapFrog\LeapFrog Connect\LeapFrogConnect.exe:*:Enabled:LeapFrog Connect -- (LeapFrog Enterprises, Inc.)
"C:\Documents and Settings\Jennifer\Local Settings\Application Data\Akamai\netsession_win.exe" = C:\Documents and Settings\Jennifer\Local Settings\Application Data\Akamai\netsession_win.exe:*:Disabled:netsession_win -- (Akamai Technologies, Inc)
"C:\Program Files\ATT-HSI\McciBrowser.exe" = C:\Program Files\ATT-HSI\McciBrowser.exe:*:Enabled:motivebrowser.exe -- (Alcatel-Lucent)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{04B34E21-5BEE-3D2B-8D3D-E3E80D253F64}" = Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
"{04E7A3BB-DB38-481C-A809-35FA60C78EDF}" = AVG 2011
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1103112B-513D-4DEF-96B4-9889774E0118}" = Creative Zen Touch
"{14866AAD-1F23-39AC-A62B-7091ED1ADE64}" = Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{299C0434-4F4E-341F-A916-4E07AEB35E79}" = Microsoft Visual Studio Tools for Applications 2.0 Runtime
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1" = Inpaint 2.4
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388887F6-0661-4C80-B272-A6A23EFC7A31}" = MY CAMERA
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B90093A-5D9C-3956-8ABB-95848BE6EFAD}" = Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
"{4E0B21EE-F414-412A-B916-19CBDEA5EF64}_is1" = Smart Diary Suite 4
"{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}" = Roxio Media Manager
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54E6E975-E089-4575-BD33-64DC10022D46}" = Magic Collage
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{572FBF5D-3BAA-42FF-A468-A54C2C0A17C3}" = Autodesk Revit Architecture 2010
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D6-7028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2009
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{5783F2D7-9028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2011
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{612AD33D-9824-4E87-8396-92374E91C4BB}_is1" = Inbox Toolbar
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6406E3EA-9777-45B7-A0C0-89741E629352}" = Composite 2011
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6B307310-53C1-8F80-465E-E2A96FA5EA5D}" = FlipShare
"{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1" = Picture Collage Maker Pro 2.2.8
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{73F01EB9-1682-4678-B856-F672D09F1E32}" = Garmin Lifetime Updater
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86C0E2A3-1EDA-4F01-A43D-80DA8642813C}_is1" = GameTap Web Player
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E6AE459-9D8F-7365-E848-877D508F5A48}" = Picaboo X
"{8ED02445-D491-414C-A56D-2ED6BBB7239A}" = Garmin Communicator Plugin
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975951E7-14D0-49AF-A630-89680D12D7F6}" = Autodesk Material Library 2011 Medium Image library
"{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011
"{A055FB62-CF73-4839-AD83-122ABCB92418}" = LeapFrog Tag Junior Plugin
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3A37DA6-70C0-497C-BCB1-148E9EC1D32E}" = Revit Architecture 2009
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B42E259C-E4D4-37F1-A1B2-EB9C4FC5A04D}" = Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C6359569-E03E-4CDC-98E8-CDD080C6EEB5}" = LeapFrog Connect
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9757258-30B2-496E-86F2-84920C5858E1}_is1" = CollageIt 1.6.0
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4257ACA-7D3B-4FBA-8A37-E1F4699E91C7}" = WOT Services
"{E51FFEFB-68E2-4516-B293-35DC83B9767E}" = LeapFrog Tag Plugin
"{E7F56612-69F7-4F85-AD0B-B04B1C5BC3BD}" = Creative ZEN V Series (R2)
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F99520C7-7EE6-472E-8DD8-E60003A9292F}" = WOT for Internet Explorer
"{FD95ACB4-E09F-4B5A-B976-C7F6FDD2A6F9}" = Mix Central Update
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"10CB2083F7325ECF7648ED6DB0E2392F905A2829" = Windows Driver Package - Camera Maker (MR97310_USB_DUAL_CAMERA) Image (05/02/2006 2.0.1.0)
"3ivx MPEG-4 5.0.3" = 3ivx MPEG-4 5.0.3 (remove only)
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"781745E87AFF80C0C1388CFF79D19ECAB2E9BB47" = Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
"8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D" = Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AI RoboForm" = AI RoboForm (All Users)
"Aiseesoft Total Video Converter_is1" = Aiseesoft Total Video Converter
"Akamai" = Akamai NetSession Interface Service
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.2
"Amazon Kindle" = Amazon Kindle
"Any Video Converter_is1" = Any Video Converter 3.2.1
"Ashampoo Burning Studio 2010 Advanced_is1" = Ashampoo Burning Studio 2010 Advanced
"AudibleManager" = AudibleManager
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"Autodesk Revit Architecture 2010" = Autodesk Revit Architecture 2010
"BlackBerry_{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
"Boxoft Photo Magic Maker_is1" = Boxoft Photo Magic Maker 1.1
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1" = Picaboo X
"CookBook+Calendar_is1" = CookBook+Calendar version 2.5
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"DWG TrueView 2009" = DWG TrueView 2009
"DWG TrueView 2010" = DWG TrueView 2010
"DWG TrueView 2011" = DWG TrueView 2011
"ExpressZip" = Express Zip File Compression Software
"ExtractNow_is1" = ExtractNow
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free Realms Installer" = Free Realms Installer
"Google Chrome Frame" = Google Chrome Frame
"GoToAssist" = GoToAssist 8.0.0.514
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"KeePass Password Safe_is1" = KeePass Password Safe 1.20
"Magic DVD Ripper_is1" = Magic DVD Ripper V5.5.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"mediAvatar Video to DVD Converter" = mediAvatar Video to DVD Converter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 11.0 (x86 en-US)" = Mozilla Firefox 11.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NetSight" = Nielsen
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhotoStage" = PhotoStage Slideshow Producer
"Prism" = Prism Video File Converter
"PROSet" = Intel(R) PRO Network Connections Drivers
"SpywareBlaster_is1" = SpywareBlaster 4.4
"Swag_Bucks Toolbar" = Swag_Bucks Toolbar
"SysInfo" = Creative System Information
"TagJuniorPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Junior Plugin)
"TagPlugin" = Use the entry named LeapFrog Connect to uninstall (LeapFrog Tag Plugin)
"Trivial Pursuit Digital Choice_is1" = Trivial Pursuit Digital Choice v1.3.0 for Windows XP/Vista
"TTB000001.TTB000001Toolbar" = CouponBar
"TuneClone_is1" = TuneClone 1.40
"UPCShell" = LeapFrog Connect
"VideoPad" = VideoPad Video Editor
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"Walmart MP3 Music Downloads" = Walmart MP3 Music Downloads
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Web Page Maker_is1" = Web Page Maker V3.21
"Weeny Free Audio Cutter_is1" = Weeny Free Audio Cutter 1.2
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wondershare DVD Slideshow Builder Standard_is1" = Wondershare DVD Slideshow Builder Standard(Build 6.0.1.23)
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"Your monster voice 1" = Your monster voice 1
"ZENcast Organizer" = ZENcast Organizer
"Zortam Mp3 Media Studio_is1" = Zortam Mp3 Media Studio 11.10

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"New LEGO Digital Designer" = LEGO Digital Designer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/24/2012 8:00:17 AM | Computer Name = NAPIER | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/24/2012 8:27:39 AM | Computer Name = NAPIER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/24/2012 9:28:31 AM | Computer Name = NAPIER | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/25/2012 2:59:29 AM | Computer Name = NAPIER | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/25/2012 9:23:37 AM | Computer Name = NAPIER | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/25/2012 9:28:37 AM | Computer Name = NAPIER | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/26/2012 8:46:08 AM | Computer Name = NAPIER | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/26/2012 8:46:20 AM | Computer Name = NAPIER | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 3/26/2012 9:31:41 AM | Computer Name = NAPIER | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/26/2012 1:13:24 PM | Computer Name = NAPIER | Source = MPSampleSubmission | ID = 5000
Description =

[ System Events ]
Error - 3/24/2012 8:00:17 AM | Computer Name = NAPIER | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.5.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070424 Error 
description: The specified service does not exist as an installed service.

Error - 3/24/2012 9:19:37 AM | Computer Name = NAPIER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 3/24/2012 9:28:31 AM | Computer Name = NAPIER | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.5.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070424 Error 
description: The specified service does not exist as an installed service.

Error - 3/25/2012 2:59:28 AM | Computer Name = NAPIER | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.5.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070424 Error 
description: The specified service does not exist as an installed service.

Error - 3/25/2012 9:23:37 AM | Computer Name = NAPIER | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.5.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070424 Error 
description: The specified service does not exist as an installed service.

Error - 3/25/2012 9:28:37 AM | Computer Name = NAPIER | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.5.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070424 Error 
description: The specified service does not exist as an installed service.

Error - 3/26/2012 9:22:42 AM | Computer Name = NAPIER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 3/26/2012 9:31:41 AM | Computer Name = NAPIER | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.5.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070424 Error 
description: The specified service does not exist as an installed service.

Error - 3/26/2012 1:04:24 PM | Computer Name = NAPIER | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 3/26/2012 1:13:24 PM | Computer Name = NAPIER | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.123.5.0 Update Source: %%859 Update Stage:
%%852 Source Path: Default URL Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 1.1.8202.0 Error code: 0x80070424 Error 
description: The specified service does not exist as an installed service.

< End of report >


----------



## kevinf80 (Mar 21, 2006)

Are you aware of the network proxy running in FireFox?


----------



## chickie225 (Sep 18, 2007)

I don't know what that means, so I guess no?


----------



## chickie225 (Sep 18, 2007)

I almost never use FireFox, by the way. I almost always use Google Chrome. I sometimes use Internet Explorer because of some of my bookmarks.


----------



## kevinf80 (Mar 21, 2006)

OK, I'll include the proxy in the fix....

Re-Run







by double left click; Vista and Windows 7 users right click and select Run as Administrator.

Under the







box at the bottom, paste in the following


```
:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {5AA71A86-64D4-4B3C-B9F8-CDFEB1E4586C}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm003W2us&ptb=C6C3A8FC-C383-48EC-BC33-FF39669A9E05&ind=2011111619&ptnrS=RGxdm003W2us&si=CK-Al7mxvKwCFZIDQAodOCAqqw&n=77df20c3&psa=&st=sb&searchfor={searchTerms}
IE - HKLM\..\SearchScopes\{5AA71A86-64D4-4B3C-B9F8-CDFEB1E4586C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes,DefaultScope = {5AA71A86-64D4-4B3C-B9F8-CDFEB1E4586C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?FORM=BABTDF&PC=BBLN&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKCU\..\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}: "URL" = http://start.msn.iplay.com/searchresultsredirect.aspx?o=chrome&q={searchTerms}
IE - HKCU\..\SearchScopes\{44C7E52F-4720-4D56-8052-F67677023468}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=chr-yie8
IE - HKCU\..\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=RGxdm003W2us&ptb=C6C3A8FC-C383-48EC-BC33-FF39669A9E05&ind=2011111619&ptnrS=RGxdm003W2us&si=CK-Al7mxvKwCFZIDQAodOCAqqw&n=77df20c3&psa=&st=sb&searchfor={searchTerms}
IE - HKCU\..\SearchScopes\{5AA71A86-64D4-4B3C-B9F8-CDFEB1E4586C}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={ inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_en
IE - HKCU\..\SearchScopes\{623D51CD-B4A7-4113-BF21-D249A3B655EC}: "URL" = http://rover.ebay.com/rover/1/711-43047-14818-1/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{68675C53-0ED7-4F4C-A670-7A8E3CD26C0A}: "URL" = http://delicious.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\{70310E59-17F5-44A7-9C94-8BCED2A78E05}: "URL" = http://www.flickr.com/search/?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2260173
IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80552&lng=en
IE - HKCU\..\SearchScopes\{CF850461-9BE6-4CE1-87E7-414D6AD693B9}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=EPC&o=2484&src=crm&q={searchTerms}&locale=en_US&apn_p tnrs=^A49&apn_dtid=^YYYYYY^YY^US&apn_uid=8295d542-c440-4368-816c-42274ad5aec3&apn_sauid=B8E35837-35EB-4F4A-8E96-5EFBA1CCBF03&
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..network.proxy.http: "88.224.81.176:8080"
FF - prefs.js..network.proxy.socks: "70.148.50.51:1080"
FF - prefs.js..network.proxy.socks_version: 4
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\WINDOWS\CouponsBar.dll (Coupons, Inc.)
O2 - BHO: (Inbox Toolbar) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponsBar.dll (Coupons, Inc.)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\WINDOWS\CouponsBar.dll (Coupons, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Inbox Toolbar) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\Program Files\Inbox Toolbar\Inbox.dll (Inbox.com, Inc.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Jennifer\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
[2012/03/24 01:49:00 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/03/23 11:09:24 | 000,000,434 | ---- | M] () -- C:\Program Files\0323201211092396.bat
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8405B4B0
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7FDCA119
:Services
Lbd
:Files
ipconfig /flushdns /c
C:\WINDOWS\system32\drivers\Lbd.sys
C:\Documents and Settings\All Users\Application Data\avg9
C:\Documents and Settings\Jennifer\Application Data\AVG10
C:\Program Files\AVG
:Commands
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
```

Then click







button at the top
Let the program run unhindered, reboot the PC when it is done
Post the log it produces in your next reply.

Let me see the log in your reply, also give an update on issues/concerns...

Kevin
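
A check for the kind of Firefox proxy entries raised in this post, as an added example that is not part of the thread or of OTL: it reads `FF - prefs.js..` lines in the format shown in the fix script and lists proxy endpoints that are neither loopback nor on an allowlist. The function names, the `allowed_hosts` parameter and the last two sample lines are assumptions made for the illustration.

```python
import ipaddress
import re

# Sample input. The first four lines are copied from the fix script above;
# the last two are constructed to show entries that are not flagged.
SAMPLE_OTL_LINES = """\
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..network.proxy.http: "88.224.81.176:8080"
FF - prefs.js..network.proxy.socks: "70.148.50.51:1080"
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "127.0.0.1:8118"
FF - prefs.js..network.proxy.ftp: "proxy.corp.example:3128"
"""

# "FF - prefs.js..<pref name>: <value>" as printed in the OTL log.
OTL_PREF = re.compile(r'^FF - prefs\.js\.\.(?P<name>[\w.\-]+):\s*(?P<value>.*)$')

# Firefox preferences that carry a proxy endpoint.
ENDPOINT_PREFS = {
    "network.proxy.http",
    "network.proxy.ssl",
    "network.proxy.ftp",
    "network.proxy.socks",
}


def parse_otl_prefs(text):
    """Return {pref_name: value} for every 'FF - prefs.js..' line."""
    prefs = {}
    for line in text.splitlines():
        match = OTL_PREF.match(line.strip())
        if match:
            prefs[match.group("name")] = match.group("value").strip().strip('"')
    return prefs


def classify_host(host):
    """Label a proxy host as loopback, private, public or hostname."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"  # not an IP literal
    if ip.is_loopback:
        return "loopback"
    if ip.is_private:
        return "private"
    return "public"


def proxy_findings(text, allowed_hosts=frozenset()):
    """List proxy endpoints that are not loopback and not allowlisted."""
    findings = []
    for name, value in sorted(parse_otl_prefs(text).items()):
        if name not in ENDPOINT_PREFS or not value:
            continue
        # The log on this page prints the endpoint as "host:port".
        host, _, port = value.rpartition(":")
        if not host:  # no ":port" suffix present
            host, port = value, ""
        kind = classify_host(host)
        if kind == "loopback" or host.lower() in allowed_hosts:
            continue
        findings.append({"pref": name, "host": host, "port": port, "kind": kind})
    return findings


if __name__ == "__main__":
    for item in proxy_findings(SAMPLE_OTL_LINES, {"proxy.corp.example"}):
        print("review: {pref} -> {host}:{port} ({kind})".format(**item))
```

IPv6 literals are not handled by the `host:port` split; a user who never configured a proxy, as in this thread, should see an empty result once the entries are removed.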


----------



## chickie225 (Sep 18, 2007)

After the program ran and the computer tried to shut down, a window popped up saying it couldn't close a program "iexplore.exe". I've seen this before, but I thought it was Internet Explorer. Also a box just popped up that says

Data Execution Prevention - Microsoft Windows
Name: Generic Host Process for Win32 Services
Publisher: Microsoft Corporation

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44f44034-6036-4f06-9336-74ec4620edab}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5AA71A86-64D4-4B3C-B9F8-CDFEB1E4586C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA71A86-64D4-4B3C-B9F8-CDFEB1E4586C}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{36377DD7-B3EB-42f5-986F-680BAF59BA9D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44C7E52F-4720-4D56-8052-F67677023468}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44C7E52F-4720-4D56-8052-F67677023468}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44f44034-6036-4f06-9336-74ec4620edab}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44f44034-6036-4f06-9336-74ec4620edab}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5AA71A86-64D4-4B3C-B9F8-CDFEB1E4586C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA71A86-64D4-4B3C-B9F8-CDFEB1E4586C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{623D51CD-B4A7-4113-BF21-D249A3B655EC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{623D51CD-B4A7-4113-BF21-D249A3B655EC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{68675C53-0ED7-4F4C-A670-7A8E3CD26C0A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68675C53-0ED7-4F4C-A670-7A8E3CD26C0A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{70310E59-17F5-44A7-9C94-8BCED2A78E05}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70310E59-17F5-44A7-9C94-8BCED2A78E05}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF850461-9BE6-4CE1-87E7-414D6AD693B9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF850461-9BE6-4CE1-87E7-414D6AD693B9}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "88.224.81.176:8080" removed from network.proxy.http
Prefs.js: "70.148.50.51:1080" removed from network.proxy.socks
Prefs.js: 4 removed from network.proxy.socks_version
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
C:\WINDOWS\CouponsBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}\ deleted successfully.
C:\Program Files\Inbox Toolbar\Inbox.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ deleted successfully.
File C:\WINDOWS\CouponsBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ deleted successfully.
C:\Program Files\Swag_Bucks\prxtbSwa1.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\ not found.
File C:\Program Files\Swag_Bucks\prxtbSwa1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ deleted successfully.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ not found.
File C:\WINDOWS\CouponsBar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}\ not found.
File C:\Program Files\Swag_Bucks\prxtbSwa1.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
File C:\Program Files\Inbox Toolbar\Inbox.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9288080-1baa-4bc4-9cf8-a92d743db949}\ not found.
C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Program Files\0323201211092396.bat moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:8405B4B0 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:7FDCA119 deleted successfully.
========== SERVICES/DRIVERS ==========
Service Lbd stopped successfully!
Service Lbd deleted successfully!
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Jennifer\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Jennifer\Desktop\cmd.txt deleted successfully.
C:\WINDOWS\system32\drivers\Lbd.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare\temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\prepare folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update\backup folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\update folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Temp folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\scanlogs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Log folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\emc folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Dumps folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\CfgAll folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\Cfg folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgApi folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\AvgAm folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9\admincli folder moved successfully.
C:\Documents and Settings\All Users\Application Data\avg9 folder moved successfully.
C:\Documents and Settings\Jennifer\Application Data\AVG10\cfgall folder moved successfully.
C:\Documents and Settings\Jennifer\Application Data\AVG10 folder moved successfully.
C:\Program Files\AVG\AVG9 folder moved successfully.
C:\Program Files\AVG\AVG8 folder moved successfully.
C:\Program Files\AVG folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Jennifer
->Temp folder emptied: 2710177791 bytes
->Temporary Internet Files folder emptied: 107754482 bytes
->Java cache emptied: 20633505 bytes
->FireFox cache emptied: 53490338 bytes
->Google Chrome cache emptied: 16945999 bytes
->Flash cache emptied: 5911 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 219835429 bytes
->Flash cache emptied: 10220 bytes

User: NetworkService
->Temp folder emptied: 13332788 bytes
->Temporary Internet Files folder emptied: 483342147 bytes
->Java cache emptied: 24 bytes
->Flash cache emptied: 24583 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 747394835 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 110663729 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4,276.00 mb

Unable to start service SrService!

OTL by OldTimer - Version 3.2.39.1 log created on 03262012_154852

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_ad8.dat not found!

Registry entries deleted on Reboot...


----------



## kevinf80 (Mar 21, 2006)

Re-boot your PC again, re-run Security Checks and post the new log. Do you have System Restore turned off intentionally?


----------



## chickie225 (Sep 18, 2007)

No, I didn't intentionally turn it off. Another curious thing, a few months ago I got that Security 2012 virus. It had somehow turned off the automatic updates, so the Windows security alert stays up. I tried to change it under the alert and manually, but it still comes up as if it's off. Going to reboot now. Thanks for your patience with all this!


----------



## chickie225 (Sep 18, 2007)

It's still showing AVG and Ad-Aware! And I know that Adobe Reader is up to date. I actually uninstalled it and reinstalled it a couple of days ago which took forever. I just opened it and it says it's up to date, version 10.1.2.

Results of screen317's Security Check version 0.99.32 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
AVG 2011 
Microsoft Security Essentials 
Antivirus up to date! 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
Ad-Aware 
SpywareBlaster 4.4 
HijackThis 2.0.2 
Java(TM) 6 Update 31 
Adobe Flash Player 11.1.102.63 
Adobe Reader 9 *Adobe Reader out of date!* 
Mozilla Firefox (11.0.) 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Windows Defender MSMpEng.exe 
*Ad-Aware AAWService.exe is disabled!* 
*Ad-Aware AAWTray.exe is disabled!* 
Microsoft Security Essentials msseces.exe 
Microsoft Security Client Antimalware MsMpEng.exe 
NetRatingsNetSight NetSight NielsenOnline.exe 
*``````````End of Log````````````*


----------



## kevinf80 (Mar 21, 2006)

Download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:


```
:regfind
avg.exe
ad-aware.exe
:filefind
avg.exe
ad-aware.exe
:folderfind
*avg*
*ad-aware*
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*

Next,

Get Update Checker by FileHippo from here: http://www.filehippo.com/updatechecker/ then run the app and see what it wants to update.

Let me see the log from SystemLook, also tell me what the updater shows...

Kevin


----------



## chickie225 (Sep 18, 2007)

SystemLook 30.07.11 by jpshortstuff
Log created at 16:55 on 26/03/2012 by Jennifer
Administrator - Elevation successful

========== regfind ==========

Searching for "avg.exe"
No data found.

Searching for "ad-aware.exe"
No data found.

========== filefind ==========

Searching for "avg.exe"
No files found.

Searching for "ad-aware.exe"
No files found.

========== folderfind ==========

Searching for "*avg*"
C:\$AVG	d------	[20:52 08/04/2010]
C:\_OTL\MovedFiles\03262012_154852\C_Documents and Settings\All Users\Application Data\avg9	d------	[20:49 26/03/2012]
C:\_OTL\MovedFiles\03262012_154852\C_Documents and Settings\All Users\Application Data\avg9\AvgAm	d------	[20:49 08/04/2010]
C:\_OTL\MovedFiles\03262012_154852\C_Documents and Settings\All Users\Application Data\avg9\AvgApi	d------	[20:49 08/04/2010]
C:\_OTL\MovedFiles\03262012_154852\C_Documents and Settings\Jennifer\Application Data\AVG10	d------	[20:49 26/03/2012]
C:\_OTL\MovedFiles\03262012_154852\C_Program Files\AVG	d------	[20:49 26/03/2012]
C:\_OTL\MovedFiles\03262012_154852\C_Program Files\AVG\AVG8	d------	[03:18 14/03/2009]
C:\_OTL\MovedFiles\03262012_154852\C_Program Files\AVG\AVG9	d------	[20:49 08/04/2010]

Searching for "*ad-aware*"
No folders found.

-= EOF =-

10 Updates Detected
Any Video Converter 3.3.5
Installed Version: 3.2.1.1 22.70MB 
HijackThis 2.0.4
Installed Version: 2.0.0.2 1.34MB 
iTunes 10.6 (32-bit)
Installed Version: 10.5.3.3 71.49MB 
Java Runtime Environment 1.7.0.3 (32-bit)
Installed Version: 1.6.0.31 19.38MB 
Kindle for PC 1.9.2 Build 38420
Installed Version: 1.8.3.36179 27.57MB 
QuickTime Player 7.71.80.42
Installed Version: 7.69.80.9 37.58MB 
Shockwave Player 11.6.4.634
Installed Version: 11.5.2.602 11.85MB 
Silverlight 5.0.61118
Installed Version: 4.0.60831.0 6.63MB 
SpywareBlaster 4.6
Installed Version: 4.4.0.0 3.10MB 
Windows Live Messenger 2009 (14.0.8117)
Installed Version: 4.7.0.3001 1.19MB 
Total size: 202.83MB

6 Beta Updates Detected
Adobe Air 3.2.0.2060 RC 1
Installed Version: 2.0.2.12610 14.17MB 
Firefox 12.0 Beta 2
Installed Version: 11.0.0.0 16.12MB 
Flash Player 11.2.202.221 RC 1 (IE)
Installed Version: 11.1.102.63 3.93MB 
Flash Player 11.2.202.221 RC 1 (Non-IE)
Installed Version: 11.1.102.63 3.95MB 
Google Chrome 19.0.1077.3 Dev
Installed Version: 17.0.963.83 25.38MB 
uTorrent 3.2 Beta 26934
Installed Version: 1.8.2.14458 733KB 
Total size: 64.26MB


----------



## kevinf80 (Mar 21, 2006)

If System Restore and Windows Updates are not working do this:

Download *Farbar Service Scanner* and run it on the computer with the issue.

*Make sure the following options are checked:*


*System Restore*
*Security Center*
*Windows Update*
Press "*Scan*".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## chickie225 (Sep 18, 2007)

Farbar Service Scanner Version: 01-03-2012
Ran by Jennifer (administrator) on 26-03-2012 at 17:42:38
Running from "C:\Documents and Settings\Jennifer\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".


System Restore Disabled Policy: 
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) RFCOMM(9) Tcpip(3) 
0x0A000000040000000100000002000000030000000A0000000500000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

Select Start > Run > Type *services.msc* into the run box and tap enter or select OK. In the new window scroll to *system restore service*. Right click on that entry and select *Properties*.

Use the drop down next to *start up type* change that to *Automatic* apply, OK. Re-boot and see system restore is on...

Select start > right click on *my computer* > select > *properties* then open the "system restore" tab. Is it OK?


----------



## chickie225 (Sep 18, 2007)

The box was unchecked and the automatic updates is okay. My concern is that it shows in the bottom of my toolbar as an alert even though it's set to automatically update under "my computer". Is that just a glitch? Anyway, that stuff is fixed


----------



## kevinf80 (Mar 21, 2006)

My last reply was to fix system restore, did that work? If you recall it was OFF. Regarding Windows updates, they will not work as the registry key is missing, this was from FSS :-

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

You say it is working, are you sure? re-run FSS as follows:

Please download *Farbar Service Scanner* and run it on the computer with the issue.

*Make sure the following options are checked:*


System Restore
Security Center
Windows Update
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


----------



## chickie225 (Sep 18, 2007)

I didn't turn system restore off. I'm not sure how that happened. When you told me to check it a couple of replies ago after a scan, I checked it, and it was fixed.

To start over with the automatic updates issue. I had that Security XP 2012 virus on my computer about 2 months ago. Right after I got it all fixed, the red shield with an X popped up at the bottom right of my toolbar. It says "Windows Security Alerts." When I double click on it, the box says that automatic updates is off. I clicked on the button to fix it, but it says it cannot fix it and to go to the control panel. I'll attach all the screen shots. I fixed that through the control panel immediately (2 months ago), yet the shield keeps popping up. I don't know if it's a glitch or what because after the first time I fixed it, it hasn't changed back.

Here's the latest log:

Farbar Service Scanner Version: 01-03-2012
Ran by Jennifer (administrator) on 27-03-2012 at 13:29:02
Running from "C:\Documents and Settings\Jennifer\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) RFCOMM(9) Tcpip(3) 
0x0A000000040000000100000002000000030000000A0000000500000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

Mmm, according to FSS it is impossible for windows updates to work, look at the log output:

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. *The service key does not exist.*
Checking ImagePath: Attention! Unable to open wuauserv registry key. *The service key does not exist.*
Checking ServiceDll: Attention! Unable to open wuauserv registry key. *The service key does not exist.*
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. *The key does not exist.*


----------



## chickie225 (Sep 18, 2007)

So what does that mean? Do you think that virus messed something up?


----------



## chickie225 (Sep 18, 2007)

I meant to ask, is it possible to manually update? A couple of weeks ago, I tried to and I got an error on the microsoft website even though it showed an update available. I thought because it was the middle of the night, maybe they were doing maintenance or something. I just tried it again and got this again.


----------



## kevinf80 (Mar 21, 2006)

No that is not possible, the registry key concerned with the update process is missing from your system, a repair install will probably be the best option.

One possible fix is to merge a new registry key, it is not a definite fix but well worth an attempt, I`ve attached wuauservxp.zip to this reply, unzip it to your desktop, double click on the file, agree any alerts. Re-boot your PC when complete.

Re-run Farbar SS again with Windows updates selected, post that in your reply...


----------



## kevinf80 (Mar 21, 2006)

I thought I`d forgotten to attach the file, unfortunately the upload keeps failing, can you PM me an email address and I`ll send it that way...

Kevin


----------



## chickie225 (Sep 18, 2007)

Farbar Service Scanner Version: 01-03-2012
Ran by Jennifer (administrator) on 28-03-2012 at 18:14:27
Running from "C:\Documents and Settings\Jennifer\Desktop\Scanners"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) RFCOMM(9) Tcpip(3) 
0x0A000000040000000100000002000000030000000A0000000500000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

Did you unzip and merge the file...


----------



## chickie225 (Sep 18, 2007)

Yes I did. I went ahead and tried again to see if I did something wrong and now my computer won't restart  
It keeps ending up on the screen where you can choose safe mode. I've tried all 5 options several times to no avail. If I leave it, it's a looping cycle. What do I do now??


----------



## kevinf80 (Mar 21, 2006)

To start System Restore using the Command prompt, follow these steps:

1. Restart your computer, and continuously tap the F8 key during the initial startup to start your computer to safe mode.
2. Use the arrow keys to select the Safe mode with a Command prompt option.
3. If you are prompted to select an operating system, use the arrow keys to select the appropriate operating system for your computer, and then press ENTER.
4. Log on as an administrator or with an account that has administrator credentials.
5. At the command prompt, type *%systemroot%\system32\restore\rstrui.exe* and then press ENTER.
6. Follow the instructions that appear on the screen to restore your computer to a functional state.

Let me know if that works for you...


----------



## chickie225 (Sep 18, 2007)

No matter what option I choose it goes to the windows loading screen then resets back to the dell screen then to the screen where you choose an option. None of them will let me restart it at all. It keeps cycling.


----------



## kevinf80 (Mar 21, 2006)

When you boot do you see the option for the Recovery Console? If not, do you have your XP installation CD?


----------



## kevinf80 (Mar 21, 2006)

Follow the instructions here http://www.icompute.info/System_restore_from_xp_cd.htm to access the Recovery Console and run System Restore....

Make sure to fully read the instructions a couple of times, it is quite straightforward and does work....


----------



## chickie225 (Sep 18, 2007)

It worked! I'm not gonna lie, when it restarted properly, I cried. Now what??


----------



## kevinf80 (Mar 21, 2006)

Sorry about that, at least you`re up again. The problem is the reg keys that are missing are still giving an issue. I`ve looked into the issue and it will be down to a permission problem because of the type of key we are dealing with.

What we have to do is alter permissions to allow the legacy key to merge correctly. This is quite straightforward. I`m away from my main PC for a couple more hours that has the correct instruction.

For now re-run FSS and post its log, we will fix this without issue later....

I can only apologize again...

Kevin


----------



## chickie225 (Sep 18, 2007)

I'm just glad it started again! I cried because I was happy, LOL. I thought everything was lost. I have some of it backed up, but I haven't done it in awhile. Here's the log:

Farbar Service Scanner Version: 01-03-2012
Ran by Jennifer (administrator) on 29-03-2012 at 13:04:00
Running from "C:\Documents and Settings\Jennifer\Desktop\Scanners"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) RFCOMM(9) Tcpip(3) 
0x0A000000040000000100000002000000030000000A0000000500000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****


----------



## kevinf80 (Mar 21, 2006)

Hiya Jennifer,

Here`s the fix, this one will work OK this time, but we will take precautions.

The following steps involve registry editing. Please create new restore point before proceeding!!!

How to:

XP - http://support.microsoft.com/kb/948247

Or better still create a full registry back up with ERUNT as follows:


Download *ERUNT* 
_(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)_
Install *ERUNT* by following the prompts
_(use the default install settings but say no to the portion that asks you to add *ERUNT* to the start-up folder, if you like you can enable this option later)_
Start *ERUNT*
_(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)_
Choose a location for the backup
_(the default location is C:\WINDOWS\ERDNT which is acceptable)._
Make sure that at least the first two check boxes are ticked
Press *OK*
Press *YES* to create the folder.










When the back up is complete do the following:

Please go to Start > Run (alternatively use Windows key+R), type *regedit* and click OK.

Navigate to *HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root*

Right-Click *Root* and select *Permissions...*
Under Security type while *Everyone* is selected put a check mark in the box under *Allow* next to *Full Control.*
Click Apply and OK.

Download the XP.zip file from here: http://www.smartestcomputing.us.com/...-network-keys/ Ignore the rest....

Unzip it to your Desktop.

You'll find several files inside. We are only interested in two, ignore the rest..

1. Double-click *legacy_wuauserv.reg* and confirm the prompt.
2. Double-click *wuauserv.reg* and confirm the prompt.

Please go back to the Root key again, while *Everyone* is selected remove check mark in the box under *Allow* next to *Full Control* and close the registry.

Restart computer and post new FSS log.


----------



## chickie225 (Sep 18, 2007)

First, when I went through all that under permissions, that was already selected, so I didn't need to make changes. I don't know if that's significant.

Second, your link is incomplete, so it gives me an error :-/


----------



## kevinf80 (Mar 21, 2006)

Not sure what is wrong with the link, it works for me. OK, I`ve attached the zip file, unzip to your Desktop, only run the two files I`ve mentioned.


----------



## chickie225 (Sep 18, 2007)

When I restarted, the red shield and warning was FINALLY gone and windows is UPDATING!!!

Farbar Service Scanner Version: 01-03-2012
Ran by Jennifer (administrator) on 31-03-2012 at 11:14:39
Running from "C:\Documents and Settings\Jennifer\Desktop\Scanners"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Attempt to access Yahoo IP returend error: Yahoo IP is offline


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) RFCOMM(9) Tcpip(3) 
0x0A000000040000000100000002000000030000000A0000000500000008000000060000000700000009000000
IpSec Tag value is correct.

**** End of log ****
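An added example, not part of the original posts and not Farbar's code: a small Python parser that compares two FSS logs like the first and last ones in this thread and reports which findings were resolved, persist, or are new. The sample logs are trimmed from the thread; the problem-line patterns, and the rule that any File Check line not ending in "MD5 is legit" needs review, are assumptions based only on the log lines visible here.

```python
import re

# Constructed samples: trimmed excerpts of the first and last FSS logs in this thread.
LOG_BEFORE = r"""Farbar Service Scanner Version: 01-03-2012
Ran by Jennifer (administrator) on 26-03-2012 at 17:42:38

Connection Status:
==============
Localhost is accessible.
Yahoo IP is accessible.

System Restore:
============
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wuauserv registry key. The service key does not exist.
Checking LEGACY_wuauserv: Attention! Unable to open LEGACY_wuauserv\0000 registry key. The key does not exist.

File Check:
========
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
"""

LOG_AFTER = r"""Farbar Service Scanner Version: 01-03-2012
Ran by Jennifer (administrator) on 31-03-2012 at 11:14:39

Connection Status:
==============
Localhost is accessible.
Attempt to access Yahoo IP returend error: Yahoo IP is offline

System Restore:
============

Windows Update:
============

File Check:
========
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
"""

RULE = re.compile(r"^=+$")  # the "=====" line printed under each section header
# Assumed problem markers, taken from the lines seen in this thread
# ("returend" is the tool's own spelling, so match it loosely).
PROBLEM = re.compile(r"Attention!|is not running|is set to Disabled|retur\w* error", re.I)
MISSING_KEY = re.compile(r"Unable to open (\S+) registry key")


def parse_sections(text):
    """Split an FSS log into {section name: [non-empty body lines]}."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    sections, current = {}, None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        if line.endswith(":") and RULE.match(nxt):
            current = line[:-1].strip()   # header = "Name:" followed by a rule line
            sections[current] = []
        elif current and line and not RULE.match(line) and not line.startswith("****"):
            sections[current].append(line.strip())
    return sections


def findings(text):
    """Return the set of (section, line) pairs that report a problem."""
    out = set()
    for name, body in parse_sections(text).items():
        for line in body:
            if name == "File Check":
                if not line.endswith("MD5 is legit"):  # assumption: anything else needs review
                    out.add((name, line))
            elif PROBLEM.search(line):
                out.add((name, line))
    return out


def missing_service_keys(text):
    """Names of the registry keys FSS reported it could not open."""
    hits = (MISSING_KEY.search(line) for _, line in findings(text))
    return sorted({m.group(1) for m in hits if m})


def compare_runs(before, after):
    """Classify findings across two scans of the same machine."""
    b, a = findings(before), findings(after)
    return {"resolved": sorted(b - a), "persisting": sorted(b & a), "new": sorted(a - b)}


if __name__ == "__main__":
    print("keys missing before:", missing_service_keys(LOG_BEFORE))
    for status, items in compare_runs(LOG_BEFORE, LOG_AFTER).items():
        for section, line in items:
            print(f"{status:10} [{section}] {line}")
```

On these samples the Windows Update and System Restore findings come out as resolved, and the only new item is the Yahoo reachability check, which is a connectivity result rather than a service-configuration finding.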


----------



## kevinf80 (Mar 21, 2006)

That is good news, I guess we both get top marks for perseverance. OK, I need to read back through your thread and give clean up procedure, if you have any remaining issues or concerns let me know...


----------



## kevinf80 (Mar 21, 2006)

Run Security Checks again, let me see the log...

Instructions again if needed:

Download Security Check by screen317 from *HERE* or *HERE*.
Save it to your Desktop.
Double click SecurityCheck.exe (Vista or Windows 7 users right click and select "Run as Administrator") and follow the onscreen instructions inside of the black box. Press any key when asked.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


----------



## chickie225 (Sep 18, 2007)

Results of screen317's Security Check version 0.99.32 
Windows XP Service Pack 3 x86 
Internet Explorer 8 
*`````````````````````````````` 
Antivirus/Firewall Check:* 
Windows Firewall Enabled! 
AVG 2011 
Microsoft Security Essentials 
Antivirus up to date! 
*``````````````````````````````` 
Anti-malware/Other Utilities Check:* 
Ad-Aware 
SpywareBlaster 4.4 
HijackThis 2.0.2 
Java(TM) 6 Update 31 
Adobe Flash Player 11.1.102.63 
Adobe Reader 9 *Adobe Reader out of date!* 
Mozilla Firefox (11.0.) 
*```````````````````````````````` 
Process Check: 
objlist.exe by Laurent* 
Windows Defender MSMpEng.exe 
*Ad-Aware AAWService.exe is disabled!* 
*Ad-Aware AAWTray.exe is disabled!* 
Microsoft Security Essentials msseces.exe 
Microsoft Security Client Antimalware MsMpEng.exe 
NetRatingsNetSight NetSight NielsenOnline.exe 
*``````````End of Log````````````*


----------



## kevinf80 (Mar 21, 2006)

The log is showing two security applications, AVG and MSE, that is not good. You`ll have to remove one of them. Personally I`d keep Microsoft Security Essentials and get rid of AVG....

Go here http://www.avg.com/us-en/utilities and use AVG`s removal tool, let me know when that is complete...

Next,


Download *OTC* by OldTimer and save it to your *desktop.* *Alternative mirror*
Double click the icon to start the program.
If you are using Vista or Windows 7, please right-click and choose run as administrator
Then click the big button.
You will get a prompt saying "_Begining Cleanup Process_". Please select *Yes*.
Restart your computer when prompted.
This will remove tools we have used and itself. 

*If there are still any tools or logs left on the Desktop either delete or drag to the recycle bin....*

Next,

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack and exploitation.

Please go to the link below to update.

*Adobe Reader* Untick the Free McAfee® Security Scan Plus (optional) Not required...

Next,

Download TFC to your desktop, from either of the following links
*Link 1*
*Link 2*

Save any open work. TFC will close all open application windows.
Double-click TFC.exe to run the program. Vista or Windows 7 users right click and select Run as Administrator
If prompted, click "Yes" to reboot.
TFC will automatically close any open programs, *including your Desktop*. Let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. TFC may re-boot your system, if not *Re-boot it yourself to complete cleaning process* *<---- Very Important*

Keep TFC it is an excellent utility to keep your system optimized, it empties all user temp folders, Java cache etc etc. *Always remember to re-boot after a run, even if not prompted*

Next,

We now need to reset your system restore points and create a new clean one. To do this "Turn off" System restore > Left click start > Right click My Computer > Left click Properties > Select System restore tab > put tick in Turn off System Restore box > apply > ok. To reverse as previous but remove the tick from Turn off System Restore > apply ok.

Create the new restore point > Start > all programs > accessories > system tools > system restore > create a restore point > In the Restore point description box give it a name for reference eg. Clean 1. The time and date are added automatically > then select create and follow the wizard out.

Let me know if those steps complete OK, also if any remaining issues or concerns..

Kevin


----------



## chickie225 (Sep 18, 2007)

Everything went smoothly except for the Adobe update. As I mentioned before, for some reason it's showing it's not up to date on the scans, but it is. I've downloaded the update several times and I even uninstalled/reinstalled Adobe Reader. The program itself is showing that it has the newest version.


----------



## kevinf80 (Mar 21, 2006)

OK, if no more issues here are some tips to reduce the potential for malware infection in the future:

*Make proper use of your antivirus and firewall*

Antivirus and Firewall programs are integral to your computer security. However, just having them installed isn't enough. The definitions of these programs are frequently updated to detect the latest malware, if you don't keep up with these updates then you'll be vulnerable to infection. Many antivirus and firewall programs have automatic update features, make use of those if you can. If your program doesn't, then get in the habit of routinely performing manual updates, because it's important.

You should keep your antivirus and firewall guard enabled at all times, *NEVER* turn them off unless there's a specific reason to do so. Also, regularly performing a full system scan with your antivirus program is a good idea to make sure your system remains clean. Once a week should be adequate. You can set the scan to run during a time when you don't plan to use the computer and just leave it to complete on its own.

Install and use *WinPatrol* This will inform you of any attempted unauthorized changes to your system.

WinPatrol features explained *Here*

You will have several programs installed, these may be outdated and vulnerable to exploits also. To be certain, please run the free online scan by *Secunia*, available *Here*. Before clicking the *Start scan* button, please check the box for the option *Enable thorough system inspection*. Just below the "Scan Options:" section, you'll see the status of what's currently processing....

...when the scan completes, the message "Detection completed successfully" will appear in the *Programs/Result* section. For each problem detected, Secunia will offer a "Solution" option. Please follow those instructions to download updated versions of the programs as recommended by Secunia.

*Use a safer web browser*

Internet Explorer is not the most secure tool for browsing the web. It has been known to be very susceptible to infection, and there are a few good free alternatives:

*Firefox*,

*Opera*, and

*Chrome*.

All of these are excellent faster, safer, more powerful and functional free alternatives to Internet Explorer. It's definitely worth the short period of adjustment to start using one of these. If you wish to continue using Internet Explorer, it would be a good idea to follow the tutorial *HERE* which will help you to make IE *MUCH* safer.

These *browser add-ons* will help to make your browser safer:

*Web of Trust* warns you about risky websites that try to scam visitors, deliver malware or send spam. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous ones:

Available for *Firefox* and *Internet Explorer*.

*Green* to go, 
*Yellow* for caution, and 
*Red* to stop.

Available for *Firefox* only. *NoScript* helps to block malicious scripts and in general gives you much better control over what types of things webpages can do to your computer while you're browsing.

These are just a couple of the most popular add-ons, if you're interested in more, take a look at *THIS* article.

Here are a couple of links by two security experts that will give some excellent tips and advice.

*So how did I get infected in the first place by Tony Klein*

*How to prevent Malware by Miekiemoes*

Finally this link *HERE* will give a comprehensive up-to-date list of free Security programs. To include - Antivirus, Antispyware, Firewall, Antimalware, Online scanners and rescue CD`s.

Don`t forget, the best form of defense is common sense. If you don`t recognize it, don`t open it. If something looks too good to be true, then it ain`t.

If no remaining issues hit the Mark Solved tab at the top of the thread,

Take care,

Kevin


----------



## chickie225 (Sep 18, 2007)

Thank you SO much for your time and patience!!!!

Jennifer


----------



## kevinf80 (Mar 21, 2006)

You`re very welcome, it was a pleasure to work with you.

Take care,

Kevin


----------

