
Solved Browser auto-redirects, Trojan, & not having fun

Discussion in 'Malware and Virus Removal Archive' started by dudgorgon, 2011/04/01.

  1. 2011/04/07
    dudgorgon, Thread Starter
    Latest ComboFix scan done... the system is running much better.

    ComboFix 11-04-07.05 - DeLuca 04/07/2011 19:09:28.2.8 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2171 [GMT -4:00]
    Running from: d:\archives\Software Programs\Malware - Spyware - PopUp Blockers\ComboFix\ComboFix.exe
    Command switches used :: c:\documents and settings\DeLuca\Desktop\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}
    .
    FILE ::
    "c:\windows\Phopirikijirazoh.bin"
    "c:\windows\system32\olecliy.dll"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\eIg06504hAhHe06504
    c:\documents and settings\All Users\Application Data\eIg06504hAhHe06504\eIg06504hAhHe06504
    c:\windows\Phopirikijirazoh.bin
    c:\windows\system32\olecliy.dll
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-06 22:52 . 2011-04-06 22:52 -------- d-----w- c:\documents and settings\administrator.ZOO-690\Application Data\Malwarebytes
    2011-04-02 11:07 . 2011-04-02 11:07 -------- d-----w- c:\documents and settings\backup\Application Data\Malwarebytes
    2011-03-31 02:15 . 2011-03-31 02:15 -------- d-----w- c:\program files\TDSSKiller
    2011-03-27 12:57 . 2011-03-27 12:57 -------- d-----w- c:\program files\CleanUp!
    2011-03-26 20:43 . 2011-03-26 20:43 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
    2011-03-26 10:23 . 2011-04-02 11:07 -------- d-----w- c:\documents and settings\backup\Application Data\WTablet
    2011-03-26 10:23 . 2011-03-26 10:23 -------- d-----w- c:\documents and settings\backup\Application Data\WTouch
    2011-03-26 03:17 . 2011-03-26 03:17 -------- d-----w- c:\documents and settings\NetworkService\Application Data\skypePM
    2011-03-26 03:17 . 2011-03-26 03:17 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2011-03-26 01:15 . 2011-03-26 01:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2011-03-22 04:22 . 2011-03-22 04:22 -------- d-----w- c:\windows\system32\wbem\Repository
    2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2011-03-12 16:28 . 2011-03-12 16:28 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-04-07 01:09 . 2004-08-04 10:00 42112 ----a-w- c:\windows\system32\drivers\imapi.sys
    2011-02-09 13:53 . 2004-08-04 10:00 270848 ----a-w- c:\windows\system32\sbe.dll
    2011-02-09 13:53 . 2004-08-04 10:00 186880 ----a-w- c:\windows\system32\encdec.dll
    2011-02-03 03:13 . 2011-02-03 03:14 29480 ----a-w- c:\windows\system32\msxml3a.dll
    2011-02-02 07:58 . 2008-03-23 03:39 2067456 ----a-w- c:\windows\system32\mstscax.dll
    2011-01-27 11:57 . 2008-03-23 03:39 677888 ----a-w- c:\windows\system32\mstsc.exe
    2011-01-21 14:44 . 2004-08-04 10:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-03-18 17:53 . 2011-03-27 13:21 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2008-08-14 16:50 . 2008-08-14 16:50 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-04-07_03.44.48 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-31 14:07 . 2011-04-07 23:09 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    - 2009-12-31 14:07 . 2011-04-07 03:34 262144 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-01 68856]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
    "OfotoNow USB Detection"="c:\progra~1\Ofoto\OfotoNow\OFUSBS.DLL" [2002-11-05 77824]
    "Google Update"="c:\documents and settings\DeLuca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2009-11-10 5244216]
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-08-24 247144]
    "Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2009-10-02 2684200]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-02-27 7933952]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "CTHelper"="CTHELPER.EXE" [2005-11-09 16384]
    "CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 18944]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-14 29744]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
    "RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 236016]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
    "vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
    "WD Button Manager"="WDBtnMgr.exe" [2010-02-28 339968]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2009-03-17 157552]
    "VX6000"="c:\windows\vVX6000.exe" [2009-03-17 713744]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-20 274608]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
    "InstantBurn"="c:\progra~1\CYBERL~1\INSTAN~1\Win2K\IBurn.exe" [2009-07-09 681256]
    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdatePDRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
    "RemoteControl8"="c:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-07-17 91432]
    "PDVD8LanguageShortcut"="c:\program files\CyberLink\PowerDVD8\Language\Language.exe" [2009-04-16 50472]
    "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-08-28 75048]
    "UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdatePSTShortCut"="c:\program files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2009-10-28 210216]
    "Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2007-02-06 478800]
    .
    c:\documents and settings\DeLuca\Start Menu\Programs\Startup\
    PMB Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-9-5 333088]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"="c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft SQL Server\\MSSQL.1\\MSSQL\\Binn\\sqlservr.exe"=
    "c:\\Program Files\\Microsoft SQL Server\\90\\Shared\\sqlbrowser.exe"=
    "c:\\Program Files\\Symantec\\Backup Exec\\pvlsvr.exe"=
    "c:\\Program Files\\Symantec\\Backup Exec\\beserver.exe"=
    "c:\\Program Files\\Symantec\\Backup Exec\\bengine.exe"=
    "c:\\Program Files\\Symantec\\Backup Exec\\beremote.exe"=
    "c:\\Program Files\\Symantec\\Backup Exec\\benetns.exe"=
    "c:\\Program Files\\WebConference.com\\Version7\\webconference.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
    "c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "57952:TCP"= 57952:TCP:pando Media Booster
    "57952:UDP"= 57952:UDP:pando Media Booster
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    "5762:TCP"= 5762:TCP:Services
    "9434:TCP"= 9434:TCP:Services
    "7716:TCP"= 7716:TCP:Services
    "7715:TCP"= 7715:TCP:Services
    "9183:TCP"= 9183:TCP:Services
    "9590:TCP"= 9590:TCP:Services
    "9137:TCP"= 9137:TCP:Services
    "7804:TCP"= 7804:TCP:Services
    "4652:TCP"= 4652:TCP:Services
    "8715:TCP"= 8715:TCP:Services
    "4996:TCP"= 4996:TCP:Services
    "3794:TCP"= 3794:TCP:Services
    "9918:TCP"= 9918:TCP:Services
    "6058:TCP"= 6058:TCP:Services
    "7090:TCP"= 7090:TCP:Services
    "4981:TCP"= 4981:TCP:Services
    .
    R0 dontgo;Promise Removable Disk Control Driver;c:\windows\system32\drivers\dontgo.sys [3/14/2010 4:57 PM 7680]
    R0 ulsata2;ulsata2;c:\windows\system32\drivers\ulsata2.sys [3/14/2010 4:57 PM 105984]
    R0 VSP;Volume Snapshot Provider;c:\windows\system32\drivers\VSP.sys [10/16/2008 6:14 PM 54192]
    R1 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [2/2/2011 10:57 PM 15784]
    R1 SCSIChanger;SCSIChanger;c:\windows\system32\drivers\SCSICHNG.SYS [8/24/2007 20272]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2011/02/02 22:15];c:\program files\CyberLink\PowerDVD8\000.fcl [8/28/2009 7:36 PM 87536]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
    R2 CLBUDF;CyberLink InstantBurn UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [2/2/2011 10:57 PM 163368]
    R2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [12/4/2009 11:56 AM 91392]
    R2 MSSQL$BKUPEXEC;SQL Server (BKUPEXEC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [12/10/2010 6:29 PM 29293408]
    R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 8:48 PM 116416]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [8/7/2010 2:17 PM 4497704]
    R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [8/24/2010 5:38 AM 92008]
    R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [8/7/2010 2:18 PM 113448]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/3/2010 7:44 AM 102448]
    R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [8/7/2010 1:56 PM 2077840]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [8/7/2010 2:17 PM 16168]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
    S1 halfinchVRTS;halfinchVRTS;c:\windows\system32\drivers\halfinch.sys [1/23/2008 3:54 PM 39600]
    S2 gupdate1c98d7ec96b1f2a;Google Update Service (gupdate1c98d7ec96b1f2a);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2009 10:00 PM 133104]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [4/1/2008 8:48 AM 29744]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [12/4/2009 11:57 AM 19712]
    S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [12/4/2009 11:57 AM 8320]
    S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [12/4/2009 11:57 AM 23936]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 tpfilter;Symantec SCSI Tape/Changer Log Driver;c:\windows\system32\drivers\tpfilter.sys [9/8/2008 4:33 PM 32816]
    S3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys --> c:\windows\system32\Drivers\yeddef.sys [?]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    2011-04-07 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-01 00:32]
    .
    2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 02:00]
    .
    2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-13 02:00]
    .
    2011-04-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1336601894-839522115-1003Core.job
    - c:\documents and settings\DeLuca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 03:08]
    .
    2011-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1336601894-839522115-1003UA.job
    - c:\documents and settings\DeLuca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 03:08]
    .
    2011-04-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-57989841-1336601894-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
    .
    2011-04-07 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-57989841-1336601894-839522115-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
    .
    2011-04-07 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-1336601894-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
    .
    2011-04-02 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-1336601894-839522115-1005.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 16:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    Trusted Zone: webconference.com
    DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
    DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
    FF - ProfilePath - c:\documents and settings\DeLuca\Application Data\Mozilla\Firefox\Profiles\2nws9g7u.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
    FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-04-07 19:14
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
    "ImagePath"="\??\c:\program files\CyberLink\PowerDVD8\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2011-04-07 19:16:35
    ComboFix-quarantined-files.txt 2011-04-07 23:16
    .
    Pre-Run: 251,738,206,208 bytes free
    Post-Run: 251,742,117,888 bytes free
    .
    - - End Of File - - 1A1982B18C6DD9CE89B749DB84F7DEC8
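An added check for the firewall exception list in the ComboFix log above (the OTL Extras log later in this thread prints the same list with scope and state included). This is example code written for this page; it is not part of ComboFix, OTL, or anyone's post here. It parses both line formats, and flags two things a practitioner looks at first in such a list: ports whose only label is a generic word like "Services", and remote-administration ports open to any address ("*"). The sample lines are copied from the logs in this thread; the generic-name list and the remote-admin port table are our own choices, and a ComboFix line, which omits scope and state, is treated as "state unknown" rather than assumed enabled.

```python
r"""Triage the Windows XP firewall exception list (GloballyOpenPorts) from a ComboFix or OTL Extras log.

Both tools dump HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\<Profile>\GloballyOpenPorts\List.
OTL prints the full value (port:proto:scope:state:name); ComboFix drops scope and state.
A well-behaved exception is scoped to LocalSubNet or names the program that needs it;
a run of high-numbered ports all labelled "Services" is what an unwanted program
leaves behind when it opens its own holes in the host firewall.
"""
import re
from collections import Counter

# Constructed sample: entries copied from the two logs in this thread.
# The first three lines are in ComboFix form, the rest in OTL Extras form.
SAMPLE = r'''
"57952:TCP"= 57952:TCP:pando Media Booster
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"5762:TCP" = 5762:TCP:*:Enabled:Services
"4981:TCP" = 4981:TCP:*:Enabled:Services
'''

# "<port>:<proto>" = <port>:<proto>[:<scope>:<Enabled|Disabled>]:<display name>
# The \s* before the closing quote absorbs the stray space forum software adds.
RULE_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)\s*"\s*=\s*(?P=port):(?P=proto)'
    r'(?::(?P<scope>[^:]+):(?P<state>Enabled|Disabled))?:(?P<name>.*)$'
)

# Display names that say nothing about which program needs the port (our choice).
GENERIC_NAMES = {"services", "service", "system", "windows", ""}
# Ports that hand a remote party control of the box if left open to "*" (our choice).
REMOTE_ADMIN_PORTS = {3389: "Remote Desktop", 445: "SMB", 139: "NetBIOS session", 23: "Telnet"}


def parse_open_ports(text):
    """Return one dict per well-formed rule line; unrelated lines are ignored.

    scope and enabled are None when the log (ComboFix form) does not show them.
    """
    rules = []
    for raw in text.splitlines():
        m = RULE_RE.match(raw.strip())
        if not m:
            continue
        rules.append({
            "port": int(m["port"]),
            "proto": m["proto"],
            "scope": m["scope"],  # "*", "LocalSubNet", an address list, or None
            "enabled": None if m["state"] is None else m["state"] == "Enabled",
            "name": m["name"].strip(),
        })
    return rules


def suspicious_rules(rules):
    """Return [(rule, reason)] for exceptions that deserve a second look."""
    flagged = []
    for r in rules:
        if r["enabled"] is False:
            continue  # a disabled exception opens nothing
        scope = r["scope"] or "not shown"
        if r["name"].lower() in GENERIC_NAMES:
            flagged.append((r, f"generic label {r['name']!r}, scope {scope}"))
        elif r["port"] in REMOTE_ADMIN_PORTS and r["scope"] in (None, "*"):
            flagged.append((r, f"{REMOTE_ADMIN_PORTS[r['port']]} open to any address (scope {scope})"))
    return flagged


def name_histogram(rules):
    """Count ports per display name; many ports under one vague label is itself a signal."""
    return Counter(r["name"] for r in rules if r["enabled"] is not False)


if __name__ == "__main__":
    rules = parse_open_ports(SAMPLE)
    for rule, why in suspicious_rules(rules):
        print(f"{rule['port']}/{rule['proto']}: {why}")
    print("display-name counts:", dict(name_histogram(rules)))
```

Run against the full list in the log above, every one of the seventeen "Services" ports is reported, plus 3389/TCP; the Pando and file-sharing entries are not, because they are either descriptively named or limited to LocalSubNet.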
     
  2. 2011/04/07
    broni, Moderator, Malware Analyst
    Good job :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     

  3. 2011/04/07
    dudgorgon, Thread Starter
    Extras.Txt

    OTL Extras logfile created on: 4/7/2011 7:39:30 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\DeLuca\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 279.39 Gb Total Space | 234.53 Gb Free Space | 83.94% Space Free | Partition Type: NTFS
    Drive D: | 1257.55 Gb Total Space | 280.78 Gb Free Space | 22.33% Space Free | Partition Type: NTFS
    Drive K: | 668.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF1.50
    Drive L: | 930.86 Gb Total Space | 814.67 Gb Free Space | 87.52% Space Free | Partition Type: NTFS
    Drive X: | 298.09 Gb Total Space | 217.42 Gb Free Space | 72.94% Space Free | Partition Type: NTFS
    Drive Y: | 19.07 Gb Total Space | 2.15 Gb Free Space | 11.26% Space Free | Partition Type: NTFS

    Computer Name: DADDYO | User Name: DeLuca | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "57952:TCP" = 57952:TCP:*:Enabled:pando Media Booster
    "57952:UDP" = 57952:UDP:*:Enabled:pando Media Booster
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "5762:TCP" = 5762:TCP:*:Enabled:Services
    "9434:TCP" = 9434:TCP:*:Enabled:Services
    "7716:TCP" = 7716:TCP:*:Enabled:Services
    "7715:TCP" = 7715:TCP:*:Enabled:Services
    "9183:TCP" = 9183:TCP:*:Enabled:Services
    "9590:TCP" = 9590:TCP:*:Enabled:Services
    "9137:TCP" = 9137:TCP:*:Enabled:Services
    "7804:TCP" = 7804:TCP:*:Enabled:Services
    "4652:TCP" = 4652:TCP:*:Enabled:Services
    "8715:TCP" = 8715:TCP:*:Enabled:Services
    "4996:TCP" = 4996:TCP:*:Enabled:Services
    "3794:TCP" = 3794:TCP:*:Enabled:Services
    "9918:TCP" = 9918:TCP:*:Enabled:Services
    "6058:TCP" = 6058:TCP:*:Enabled:Services
    "7090:TCP" = 7090:TCP:*:Enabled:Services
    "4981:TCP" = 4981:TCP:*:Enabled:Services

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "57952:TCP" = 57952:TCP:*:Enabled:pando Media Booster
    "57952:UDP" = 57952:UDP:*:Enabled:pando Media Booster
    "1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
    "3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
    "65533:TCP" = 65533:TCP:*:Enabled:Services
    "52344:TCP" = 52344:TCP:*:Enabled:Services
    "5762:TCP" = 5762:TCP:*:Enabled:Services
    "9434:TCP" = 9434:TCP:*:Enabled:Services
    "7716:TCP" = 7716:TCP:*:Enabled:Services
    "7715:TCP" = 7715:TCP:*:Enabled:Services
    "9183:TCP" = 9183:TCP:*:Enabled:Services
    "9590:TCP" = 9590:TCP:*:Enabled:Services
    "9137:TCP" = 9137:TCP:*:Enabled:Services
    "7804:TCP" = 7804:TCP:*:Enabled:Services
    "4652:TCP" = 4652:TCP:*:Enabled:Services
    "8715:TCP" = 8715:TCP:*:Enabled:Services
    "4996:TCP" = 4996:TCP:*:Enabled:Services
    "3794:TCP" = 3794:TCP:*:Enabled:Services
    "9918:TCP" = 9918:TCP:*:Enabled:Services
    "6058:TCP" = 6058:TCP:*:Enabled:Services
    "7090:TCP" = 7090:TCP:*:Enabled:Services
    "4981:TCP" = 4981:TCP:*:Enabled:Services

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Symantec\Backup Exec\pvlsvr.exe" = C:\Program Files\Symantec\Backup Exec\pvlsvr.exe:*:Enabled:Backup Exec Device & Media Service -- (Symantec Corporation)
    "C:\Program Files\Symantec\Backup Exec\beserver.exe" = C:\Program Files\Symantec\Backup Exec\beserver.exe:*:Enabled:Backup Exec Server -- (Symantec Corporation)
    "C:\Program Files\Symantec\Backup Exec\bengine.exe" = C:\Program Files\Symantec\Backup Exec\bengine.exe:*:Enabled:Backup Exec Job Engine -- (Symantec Corporation)
    "C:\Program Files\Symantec\Backup Exec\beremote.exe" = C:\Program Files\Symantec\Backup Exec\beremote.exe:*:Enabled:Backup Exec Remote Agent for Windows Systems -- (Symantec Corporation)
    "C:\Program Files\Symantec\Backup Exec\benetns.exe" = C:\Program Files\Symantec\Backup Exec\benetns.exe:*:Enabled:Backup Exec Agent Browser -- (Symantec Corporation)
    "C:\Program Files\Symantec\Backup Exec\alertServer.exe" = C:\Program Files\Symantec\Backup Exec\alertServer.exe:*:Enabled:Backup Exec Alert Server
    "C:\Program Files\WebConference.com\Version7\webconference.exe" = C:\Program Files\WebConference.com\Version7\webconference.exe:*:Enabled:WebConference.com -- (WebConference.com Inc.)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Symantec\Backup Exec\pvlsvr.exe" = C:\Program Files\Symantec\Backup Exec\pvlsvr.exe:*:Enabled:Backup Exec Device & Media Service -- (Symantec Corporation)
    "C:\Program Files\Symantec\Backup Exec\beserver.exe" = C:\Program Files\Symantec\Backup Exec\beserver.exe:*:Enabled:Backup Exec Server -- (Symantec Corporation)
    "C:\Program Files\Symantec\Backup Exec\bengine.exe" = C:\Program Files\Symantec\Backup Exec\bengine.exe:*:Enabled:Backup Exec Job Engine -- (Symantec Corporation)
    "C:\Program Files\Symantec\Backup Exec\beremote.exe" = C:\Program Files\Symantec\Backup Exec\beremote.exe:*:Enabled:Backup Exec Remote Agent for Windows Systems -- (Symantec Corporation)
    "C:\Program Files\Symantec\Backup Exec\benetns.exe" = C:\Program Files\Symantec\Backup Exec\benetns.exe:*:Enabled:Backup Exec Agent Browser -- (Symantec Corporation)
    "C:\Program Files\WebConference.com\Version7\webconference.exe" = C:\Program Files\WebConference.com\Version7\webconference.exe:*:Enabled:WebConference.com -- (WebConference.com Inc.)
    "C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
    "C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:pando Media Booster -- ()
    "C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = C:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Disabled:Opera Internet Browser -- (Opera Software)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Disabled:Yahoo! Messenger -- (Yahoo! Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{001B6569-BE48-4129-87EE-9354A7A3C468}" = Symantec Backup Exec License Assessment Tool
    "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
    "{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
    "{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
    "{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
    "{0F60FD8E-3E58-4F8E-BF2C-DFA4C9987AE2}_is1" = DeLorme Send To GPS 1.2
    "{12508FB2-89EC-4BE6-B5F7-644E8F95AF7B}" = Microsoft SQL Server 2005 Backward compatibility
    "{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
    "{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
    "{15A0E52F-9311-4CF3-8244-8106977FBEC1}" = Symantec Backup Exec for Windows Servers (Service Pack 1)
    "{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}" = Corel Snapfire DVD Maker
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{195FF80D-6C1E-4B7A-A48E-45C0AEAC0F24}" = Microsoft LifeCam
    "{19C64880-BBCA-11D4-9EEE-0004ACDDDB3B}" = CyberLink InstantBurn
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{25FBB9C4-2C5B-48D3-9B3E-5A6E44C45BC5}" = Symantec Backup Exec for Windows Servers (Hotfix 302980)
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 23
    "{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
    "{2875A5F5-E613-4F99-9B47-8882C9DD24A5}" = OfotoNow
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (BKUPEXEC)
    "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
    "{2D07422C-CA35-375A-A3A8-3631AB85BFE5}" = Microsoft Visual C# 2008 Express Edition - ENU
    "{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3ECBCC39-249D-46C3-8BB5-4EF8E5DFB551}" = Symantec Backup Exec for Windows Servers (Service Pack 3)
    "{3ED461D3-E81D-48DA-972A-10F2121FA8A2}" = Symantec Backup Exec for Windows Servers (Hotfix 306945)
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{428D1009-53BE-4216-BED5-232A46908106}" = Symantec Backup Exec for Windows Servers (Hotfix 304922)
    "{481E9852-DA0C-403B-ADA4-05D86C8BF9A9}" = Google Photos Screensaver
    "{48AFBB60-8CF5-4605-BB04-704DD8702B80}" = VZAccess Manager for RIM
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A72C4A9-0D77-4406-ACF8-7E7B1AD42155}" = Symantec Backup Exec for Windows Servers (Hotfix 304662)
    "{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
    "{50E14EC8-CC39-4B21-88D4-10F04BACE11D}" = Symantec Backup Exec for Windows Servers (Hotfix 304964)
    "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5BEAD7FD-2D5F-440E-AC15-B46B3FF48367}" = Symantec Backup Exec for Windows Servers (Hotfix 303865)
    "{5EED93A8-33AD-46A7-A6AC-4DEAFBEFEEE1}" = Roxio Media Manager
    "{60459336-2A8C-4399-95A2-F15D1E33BD55}" = Symantec Backup Exec for Windows Servers (Hotfix 306240)
    "{61C85064-4823-4A73-9B91-2D35B8D77485}" = Symantec Backup Exec for Windows Servers (Hotfix 302982)
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75BE84C8-9DB3-4229-9370-0D2F72D3C65A}" = Symantec Backup Exec for Windows Servers (Hotfix 300290)
    "{76508DA4-7EC2-4217-B23E-034EA4C5AF12}" = Symantec Backup Exec for Windows Servers (Hotfix 304586)
    "{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{77A1AE2C-C17A-405C-91C0-8FB90144D7C3}" = MotoConnect
    "{79922D4F-BF47-42A2-902E-EF81B7A3750D}" = Roxio XingTones
    "{79EA5752-2100-4672-BEF0-6A59631F26C2}" = Symantec Backup Exec for Windows Servers (Hotfix 304179)
    "{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
    "{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{8174A9C0-052E-4BEB-B165-BE18863ACD96}" = Symantec Backup Exec for Windows Servers (Hotfix 302981)
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8681B1E6-CD96-46EF-9065-CE0D1085ED99}" = Star Wars JK II Jedi Outcast
    "{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{8FA74060-DF35-47E4-9683-01797304C0F5}" = Symantec Backup Exec for Windows Servers (Hotfix 304392)
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
    "{96668E1D-A3B0-4DEA-9CA8-BC61DB496160}" = Symantec Backup Exec for Windows Servers (Hotfix 300287)
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{98177940-C048-4831-A279-F3888B1E2C7F}" = InstallMgr
    "{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
    "{9A3EABC0-CA06-11D4-BF77-00104B130C19}" = EPSON TWAIN 5
    "{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0
    "{A29549FD-65F3-440C-A552-6B8114CF319D}" = Skype Toolbars
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
    "{A8AC89BA-D8CB-4372-9743-1C54D23286B0}" = MSN Toolbar
    "{A9238572-4A7D-4F0C-86A8-A3B274E533D4}" = Windows Imaging
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC388C78-2619-452C-BFBE-FABCC3194387}" = Microsoft Office Live Meeting 2007
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
    "{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
    "{AC76BA86-7AD7-5670-0000-900000000003}" = Korean Fonts Support For Adobe Reader 9
    "{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
    "{ADD5DB49-72CF-11D8-9D75-000129760D75}" = CyberLink PowerBackup
    "{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}" = Garmin MapSource
    "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
    "{B52AF7AF-C5B3-47FC-8116-AD2208FC8904}" = Symantec Backup Exec for Windows Servers
    "{B6EF6DCE-078E-4952-A7FA-352A9C349EB0}" = MSN Toolbar
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7148D71-0A8F-4501-96B4-4E1CC67F874E}" = Microsoft Default Manager
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
    "{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "{C5AA83FC-0241-41C9-B3F4-3D514160B30E}" = Symantec Backup Exec for Windows Servers (Hotfix 306950)
    "{CAFAEA62-6C6C-4716-81A8-201A1F81A34C}" = Symantec Backup Exec for Windows Servers (Hotfix 307711)
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
    "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE6DEE87-1C87-42ED-A108-7369BFE9076F}" = 32 bit Windows Card Reader Driver
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 1.0
    "{D4409BF3-2E95-4CEE-988B-C59717B0D573}" = Symantec Backup Exec for Windows Servers (Hotfix 307617)
    "{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
    "{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
    "{DB5B35F0-D466-45CC-B7EA-6F09DF5AEC5C}" = Symantec Backup Exec for Windows Servers (Hotfix 17)
    "{DBD9F7F5-2BFF-47DA-8714-960025B63813}" = CP Blizzard
    "{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
    "{DFB8A9CB-EE71-4D24-B7BD-6155A394D34D}" = Symantec Backup Exec for Windows Servers (Service Pack 1)
    "{DFC574D6-8651-40C1-B821-D5DB3BBD515F}" = Symantec Backup Exec for Windows Servers (Hotfix 302418)
    "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
    "{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
    "{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
    "{E984AEFB-AD3E-4DCF-9C45-C26E296BDDED}" = Symantec Backup Exec for Windows Servers (Hotfix 336087)
    "{EB5F211D-85D5-44C4-BB15-1207C77EF430}" = Visual C++ 8.0 Runtime Setup Package
    "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
    "{FD6C6B7F-5696-48C5-A601-2EE9E50C3D46}" = WD Firewire HID Driver
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Any Video Converter_is1" = Any Video Converter 2.1.1
    "AnyDVD" = AnyDVD
    "Applet_App" = Applet_App
    "Applet_Copy" = Applet_Copy
    "Applet_Creativity" = Applet_Creativity
    "Applet_Email" = Applet_Email
    "Applet_Epp" = Applet_Epp
    "Applet_File" = Applet_File
    "Applet_OCR" = Applet_OCR
    "Applet_Web" = Applet_Web
    "ArcSoft PhotoImpression 3.0" = ArcSoft PhotoImpression 3.0
    "BlackBerry_{0D048BE8-AE02-4CB5-A428-616B9848E4A7}" = BlackBerry Desktop Software 4.3
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CCleaner" = CCleaner
    "CleanUp!" = CleanUp!
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "Color Efex Pro 3.0 Wacom Edition 3" = Color Efex Pro 3.0 Wacom Edition 3
    "Copy Utility" = Copy Utility
    "CSCLIB" = Canon Camera Support Core Library
    "CutePDF Writer Installation" = CutePDF Writer 2.7
    "DPP" = Canon Utilities Digital Photo Professional 3.3
    "DVD Decrypter" = DVD Decrypter (Remove Only)
    "DVD Shrink_is1" = DVD Shrink 3.2
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "EOS Utility" = Canon Utilities EOS Utility
    "EPSON Photo Print" = EPSON Photo Print
    "EPSON Smart Panel" = EPSON Smart Panel
    "Film Factory" = Film Factory Lite
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "HP Drive Key Boot Utility" = HP Drive Key Boot Utility
    "Ideal DVD Copy_is1" = Ideal DVD Copy V3.2.4
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
    "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
    "Karen's Replicator" = Karen's Replicator
    "KLiteCodecPack_is1" = K-Lite Codec Pack 3.8.5 Full
    "LucasArts' The Infernal Machine" = LucasArts' The Infernal Machine
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
    "Microsoft SQL Server 2005" = Microsoft SQL Server 2005
    "Microsoft Visual C# 2008 Express Edition - ENU" = Microsoft Visual C# 2008 Express Edition - ENU
    "Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
    "MyCamera" = Canon Utilities MyCamera
    "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "Opera 11.01.1190" = Opera 11.01
    "Original Data Security Tools" = Canon Utilities Original Data Security Tools
    "Pen Tablet Driver" = Bamboo
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "PokerStars" = PokerStars
    "Prism" = Prism Video Converter
    "PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RealPlayer 12.0" = RealPlayer
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "Return to Castle Wolfenstein" = Return to Castle Wolfenstein
    "SightSpeed" = SightSpeed (remove only)
    "Symantec Backup Exec 12.5" = Symantec Backup Exec (TM) 12.5 for Windows Servers
    "TomTom HOME" = TomTom HOME 2.7.6.2056
    "VLC media player" = VLC media player 1.0.5
    "Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
    "Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "WebConference.com_is1" = WebConference.com Multimedia Conferencing Version 7.0.0
    "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Extras" = Yahoo! Browser Services
    "Yahoo! Mail" = Yahoo! Internet Mail
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Software Update" = Yahoo! Software Update
    "YInstHelper" = Yahoo! Install Manager
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-57989841-1336601894-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for DeLuca
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Facebook Plug-In" = Facebook Plug-In
    "Google Chrome" = Google Chrome
    "Move Media Player" = Move Media Player
    "SOE-Free Realms" = Free Realms
    "UnityWebPlayer" = Unity Web Player

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 4/7/2011 7:36:23 AM | Computer Name = DADDYO | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 26596563

    Error - 4/7/2011 6:53:53 PM | Computer Name = DADDYO | Source = Backup Exec | ID = 33152
    Description = Adamm Database Event: Database Connection Lost! Error = E_PVL_DB_LOST_CONNECTION
    Server
    = "DADDYO" Active Node = " " Instance = "BkupExec" Database = "BEDB" Connection String
    = "DRIVER=SQL Server;SERVER=DaddyO\BkupExec;DATABASE=BEDB;App=BEWS PVL"

    Error - 4/7/2011 7:07:04 PM | Computer Name = DADDYO | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\32788R22FWJFW\pev.exe (PID 8104) Time: Thursday, April 07, 2011 7:07:04 PM

    Error - 4/7/2011 7:07:04 PM | Computer Name = DADDYO | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\32788R22FWJFW\License\iexplore.exe (PID 1968) Time: Thursday, April 07, 2011
    7:07:04 PM

    Error - 4/7/2011 7:07:05 PM | Computer Name = DADDYO | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\32788R22FWJFW\pev.exe (PID 7436) Time: Thursday, April 07, 2011 7:07:05 PM

    Error - 4/7/2011 7:07:07 PM | Computer Name = DADDYO | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\32788R22FWJFW\License\firefox.exe (PID 7676) Time: Thursday, April 07, 2011
    7:07:07 PM

    Error - 4/7/2011 7:07:44 PM | Computer Name = DADDYO | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\32788R22FWJFW\License\iexplore.exe (PID 4160) Time: Thursday, April 07, 2011
    7:07:44 PM

    Error - 4/7/2011 7:07:44 PM | Computer Name = DADDYO | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\32788R22FWJFW\pev.exe (PID 2288) Time: Thursday, April 07, 2011 7:07:44 PM

    Error - 4/7/2011 7:07:45 PM | Computer Name = DADDYO | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\32788R22FWJFW\pev.exe (PID 5360) Time: Thursday, April 07, 2011 7:07:45 PM

    Error - 4/7/2011 7:07:47 PM | Computer Name = DADDYO | Source = Symantec AntiVirus | ID = 16711725
    Description = SYMANTEC TAMPER PROTECTION ALERT Target: C:\Program Files\Symantec
    AntiVirus\VPTray.exe Event Info: Terminate Process Action Taken: Blocked Actor Process:
    C:\32788R22FWJFW\License\firefox.exe (PID 6224) Time: Thursday, April 07, 2011
    7:07:47 PM

    [ OSession Events ]
    Error - 5/24/2010 3:56:39 PM | Computer Name = DADDYO | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 4/6/2011 11:35:53 PM | Computer Name = DADDYO | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cercsr6

    Error - 4/7/2011 6:54:20 PM | Computer Name = DADDYO | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
    Last Error was The referenced assembly is not installed on your system.

    Error - 4/7/2011 6:54:20 PM | Computer Name = DADDYO | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
    error message: The referenced assembly is not installed on your system. .

    Error - 4/7/2011 6:54:20 PM | Computer Name = DADDYO | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
    Reference
    error message: The operation completed successfully. .

    Error - 4/7/2011 6:54:21 PM | Computer Name = DADDYO | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
    Last Error was The referenced assembly is not installed on your system.

    Error - 4/7/2011 6:54:21 PM | Computer Name = DADDYO | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
    error message: The referenced assembly is not installed on your system. .

    Error - 4/7/2011 6:54:21 PM | Computer Name = DADDYO | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
    Reference
    error message: The operation completed successfully. .

    Error - 4/7/2011 6:58:02 PM | Computer Name = DADDYO | Source = SideBySide | ID = 16842784
    Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
    Last Error was The referenced assembly is not installed on your system.

    Error - 4/7/2011 6:58:02 PM | Computer Name = DADDYO | Source = SideBySide | ID = 16842811
    Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
    error message: The referenced assembly is not installed on your system. .

    Error - 4/7/2011 6:58:02 PM | Computer Name = DADDYO | Source = SideBySide | ID = 16842811
    Description = Generate Activation Context failed for c:\program files\real\realplayer\plugins\rmxrend.dll.
    Reference
    error message: The operation completed successfully. .


    < End of report >
     
  5. 2011/04/07
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    OTL.Txt - 1st half of log

    OTL logfile created on: 4/7/2011 7:39:30 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\DeLuca\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 65.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free
    Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 279.39 Gb Total Space | 234.53 Gb Free Space | 83.94% Space Free | Partition Type: NTFS
    Drive D: | 1257.55 Gb Total Space | 280.78 Gb Free Space | 22.33% Space Free | Partition Type: NTFS
    Drive K: | 668.00 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF1.50
    Drive L: | 930.86 Gb Total Space | 814.67 Gb Free Space | 87.52% Space Free | Partition Type: NTFS
    Drive X: | 298.09 Gb Total Space | 217.42 Gb Free Space | 72.94% Space Free | Partition Type: NTFS
    Drive Y: | 19.07 Gb Total Space | 2.15 Gb Free Space | 11.26% Space Free | Partition Type: NTFS

    Computer Name: DADDYO | User Name: DeLuca | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/04/07 19:37:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeLuca\Desktop\OTL.exe
    PRC - [2010/11/19 22:42:20 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2010/10/18 00:55:05 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    PRC - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2010/02/28 16:52:35 | 000,339,968 | ---- | M] (Western Digital Technologies, Inc.) -- C:\WINDOWS\system32\WDBtnMgr.exe
    PRC - [2010/02/02 18:31:56 | 000,279,296 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
    PRC - [2010/01/27 12:37:22 | 000,091,392 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
    PRC - [2009/11/23 20:53:58 | 004,781,352 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchUser.exe
    PRC - [2009/11/23 20:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\WTouch\WTouchService.exe
    PRC - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
    PRC - [2009/11/14 09:20:30 | 001,135,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Backup Exec\beremote.exe
    PRC - [2009/11/14 09:20:18 | 006,630,216 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Backup Exec\beserver.exe
    PRC - [2009/11/14 09:20:16 | 003,684,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Backup Exec\bengine.exe
    PRC - [2009/11/14 09:20:16 | 000,275,784 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Backup Exec\benetns.exe
    PRC - [2009/10/22 20:19:00 | 001,533,256 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
    PRC - [2009/10/01 21:53:36 | 002,684,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe
    PRC - [2009/08/28 06:36:27 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared Files\brs.exe
    PRC - [2009/07/16 21:08:20 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
    PRC - [2009/07/09 17:10:24 | 000,681,256 | ---- | M] (CyberLink Corporation.) -- C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe
    PRC - [2009/06/03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
    PRC - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    PRC - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/21 18:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    PRC - [2007/03/14 20:49:02 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
    PRC - [2007/03/14 20:48:56 | 000,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
    PRC - [2007/03/14 20:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    PRC - [2007/03/14 20:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
    PRC - [2007/02/06 11:20:00 | 000,478,800 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
    PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2007/01/10 17:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    PRC - [2006/11/21 18:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    PRC - [2006/11/21 18:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    PRC - [2006/11/21 18:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () -- C:\WINDOWS\system32\PSIService.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/04/07 19:37:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeLuca\Desktop\OTL.exe
    MOD - [2010/11/19 22:42:35 | 000,040,448 | ---- | M] (RealNetworks, Inc.) -- C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
    MOD - [2008/07/29 08:05:08 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
    MOD - [2008/07/29 08:05:08 | 000,572,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
    SRV - [2010/08/29 15:55:06 | 003,739,080 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
    SRV - [2010/08/24 05:38:18 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
    SRV - [2010/07/22 19:18:20 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
    SRV - [2010/01/27 12:37:22 | 000,091,392 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
    SRV - [2009/11/23 20:53:58 | 000,113,448 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\WTouch\WTouchService.exe -- (WTouchService)
    SRV - [2009/11/23 20:53:56 | 004,497,704 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2009/11/14 09:20:30 | 001,135,432 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Backup Exec\beremote.exe -- (BackupExecAgentAccelerator)
    SRV - [2009/11/14 09:20:18 | 006,630,216 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Backup Exec\beserver.exe -- (BackupExecRPCService)
    SRV - [2009/11/14 09:20:16 | 003,684,680 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Backup Exec\bengine.exe -- (BackupExecJobEngine)
    SRV - [2009/11/14 09:20:16 | 000,275,784 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Backup Exec\benetns.exe -- (BackupExecAgentBrowser)
    SRV - [2009/10/22 20:19:00 | 001,533,256 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Backup Exec\pvlsvr.exe -- (BackupExecDeviceMediaService)
    SRV - [2009/03/17 14:24:06 | 000,161,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
    SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/09/16 12:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
    SRV - [2008/09/05 11:52:32 | 003,220,856 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2008/02/21 18:02:53 | 000,238,968 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/07/24 06:14:08 | 000,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
    SRV - [2007/07/24 06:14:06 | 000,358,896 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio Easy Media Creator 9 Suite\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
    SRV - [2007/03/14 20:48:56 | 000,116,416 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
    SRV - [2007/03/14 20:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
    SRV - [2007/03/14 20:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
    SRV - [2007/02/12 18:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
    SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2007/01/10 17:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
    SRV - [2006/11/21 18:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
    SRV - [2006/11/21 18:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
    SRV - [2006/11/02 20:40:12 | 000,174,656 | ---- | M] () [Auto | Start_Pending] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
    DRV - [2011/03/31 04:00:00 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110406.003\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/03/31 04:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110406.003\NAVENG.SYS -- (NAVENG)
    DRV - [2010/08/19 04:00:00 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2010/08/03 23:46:47 | 000,222,248 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2010/05/27 04:00:00 | 000,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2010/03/18 12:45:47 | 000,104,768 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD)
    DRV - [2009/11/14 09:20:40 | 000,032,816 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tpfilter.sys -- (tpfilter)
    DRV - [2009/11/12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
    DRV - [2009/10/27 13:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motport.sys -- (motport)
    DRV - [2009/10/27 13:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
    DRV - [2009/10/07 15:48:58 | 000,163,368 | ---- | M] (CyberLink Corporation.) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\CLBUDF.sys -- (CLBUDF)
    DRV - [2009/10/07 15:48:58 | 000,015,784 | ---- | M] (Cyberlink Co.,Ltd.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CLBStor.sys -- (CLBStor)
    DRV - [2009/08/28 19:36:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/02/02 22:15:52] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD8\000.fcl -- ({FE4C91E7-22C2-4D0C-9F6B-82F1B7742054})
    DRV - [2009/08/27 19:06:32 | 000,016,168 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV - [2009/06/19 17:59:34 | 000,019,712 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
    DRV - [2009/05/20 15:54:06 | 000,013,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
    DRV - [2009/03/17 14:24:10 | 002,077,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
    DRV - [2009/03/10 10:43:00 | 000,108,928 | R--- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (symmpi)
    DRV - [2009/01/29 18:18:00 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2009/01/08 19:43:24 | 000,110,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2008/10/16 18:14:16 | 000,054,192 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vsp.sys -- (VSP)
    DRV - [2008/06/13 14:14:02 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
    DRV - [2008/06/13 14:14:02 | 000,031,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
    DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
    DRV - [2008/01/23 15:54:08 | 000,039,600 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\halfinch.sys -- (halfinchVRTS)
    DRV - [2007/08/24 00:00:00 | 000,020,272 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SCSICHNG.SYS -- (SCSIChanger)
    DRV - [2007/03/10 13:09:56 | 000,009,368 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
    DRV - [2007/03/10 13:09:34 | 000,098,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2007/03/10 13:09:34 | 000,094,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2007/03/10 13:09:34 | 000,035,800 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2007/03/10 13:09:32 | 000,027,416 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2007/03/10 13:09:30 | 000,033,112 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2007/03/10 13:09:30 | 000,016,568 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2007/03/10 13:09:28 | 000,108,696 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2007/02/16 15:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV - [2007/02/12 18:22:40 | 000,196,752 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
    DRV - [2007/02/12 18:22:36 | 000,024,720 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
    DRV - [2007/02/02 09:40:52 | 000,030,296 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2007/02/02 09:40:52 | 000,014,840 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2007/01/10 17:27:26 | 000,390,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
    DRV - [2006/11/02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2006/09/06 15:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
    DRV - [2006/09/06 15:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
    DRV - [2006/04/24 13:12:52 | 001,096,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2005/11/08 20:15:00 | 000,439,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2005/11/08 20:15:00 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2005/11/08 20:14:00 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2005/11/08 20:14:00 | 000,143,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2005/11/08 20:14:00 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/11/08 20:14:00 | 000,077,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2005/07/13 17:18:00 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2004/06/29 14:25:00 | 000,007,680 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\DontGo.sys -- (dontgo)
    DRV - [2003/11/17 16:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2003/11/17 16:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2003/11/17 16:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/11/05 08:45:00 | 000,017,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\bb-run.sys -- (bb-run)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-57989841-1336601894-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-57989841-1336601894-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    IE - HKU\S-1-5-21-57989841-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-57989841-1336601894-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-21-57989841-1336601894-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google "
    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search "
    FF - prefs.js..browser.search.order.1: "Fast Browser Search "
    FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm "
    FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm "
    FF - prefs.js..browser.search.param.yahoo-type: "${8} "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com "
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..extensions.enabledItems: {a0729639-d831-46c9-811b-9b0aa79fb45a}:2.5.6.0
    FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
    FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:3.6
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {B0ACF696-2FA2-41D8-90DD-238B0E04F113}:1.9.1
    FF - prefs.js..extensions.enabledItems: {6BE1DD88-4360-41AD-91AF-70498E2EF3AF}:1.9.1


    FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/12/06 14:42:30 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/19 22:42:35 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/27 09:21:13 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/26 19:37:04 | 000,000,000 | ---D | M]

    [2011/01/02 16:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DeLuca\Application Data\Mozilla\Extensions
    [2011/01/02 16:05:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DeLuca\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2011/04/06 23:11:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\DeLuca\Application Data\Mozilla\Firefox\Profiles\2nws9g7u.default\extensions
    [2010/12/25 11:37:10 | 000,000,000 | ---D | M] ( "Garmin Communicator ") -- C:\Documents and Settings\DeLuca\Application Data\Mozilla\Firefox\Profiles\2nws9g7u.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010/04/27 19:16:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\DeLuca\Application Data\Mozilla\Firefox\Profiles\2nws9g7u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/21 21:56:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\DeLuca\Application Data\Mozilla\Firefox\Profiles\2nws9g7u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/04/27 19:16:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\DeLuca\Application Data\Mozilla\Firefox\Profiles\2nws9g7u.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2011/03/31 20:12:33 | 000,000,000 | ---D | M] (Free TV Bar Community Toolbar) -- C:\Documents and Settings\DeLuca\Application Data\Mozilla\Firefox\Profiles\2nws9g7u.default\extensions\{a0729639-d831-46c9-811b-9b0aa79fb45a}
    [2011/04/06 23:11:59 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Documents and Settings\DeLuca\Application Data\Mozilla\Firefox\Profiles\2nws9g7u.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
    [2011/03/31 20:12:31 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\DeLuca\Application Data\Mozilla\Firefox\Profiles\2nws9g7u.default\extensions\engine@conduit.com
    [2010/04/03 23:06:18 | 000,002,424 | ---- | M] () -- C:\Documents and Settings\DeLuca\Application Data\Mozilla\Firefox\Profiles\2nws9g7u.default\searchplugins\askcom.xml
    [2011/03/27 09:21:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/02/27 18:35:58 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/04/29 20:29:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/02 19:27:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/02 21:35:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/01/24 19:03:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) --
    [2010/11/19 22:42:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    () (No name found) -- C:\DOCUMENTS AND SETTINGS\DELUCA\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\2NWS9G7U.DEFAULT\EXTENSIONS\{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI
    [2009/03/23 20:13:33 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
    [2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/12/19 08:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    [2010/07/28 12:20:04 | 000,124,200 | ---- | M] (DeLorme) -- C:\Program Files\Mozilla Firefox\plugins\nppnplugin.dll
    [2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
    [2010/03/25 19:45:23 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
    [2010/03/25 19:45:23 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml

    O1 HOSTS File: ([2011/04/07 19:14:04 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O2 - BHO: (DeLorme Send To GPS) - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll (DeLorme)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
    O3 - HKU\S-1-5-21-57989841-1336601894-839522115-1003\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKU\S-1-5-21-57989841-1336601894-839522115-1003\..\Toolbar\WebBrowser: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No CLSID value found.
    O4 - HKLM..\Run: [BDRegion] C:\Program Files\CyberLink\Shared Files\brs.exe (cyberlink)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)
    O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
    O4 - HKLM..\Run: [InstantBurn] C:\Program Files\CyberLink\InstantBurn\Win2K\IBurn.exe (CyberLink Corporation.)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
    O4 - HKLM..\Run: [VX6000] C:\WINDOWS\vVX6000.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [WD Button Manager] C:\WINDOWS\System32\WDBtnMgr.exe (Western Digital Technologies, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
    O4 - HKU\S-1-5-21-57989841-1336601894-839522115-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
    O4 - HKU\S-1-5-21-57989841-1336601894-839522115-1003..\Run: [OfotoNow USB Detection] C:\Program Files\Ofoto\OfotoNow\OFUSBS.dll (Ofoto, Inc.)
    O4 - HKU\S-1-5-21-57989841-1336601894-839522115-1003..\Run: [Power2GoExpress] C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-57989841-1336601894-839522115-1003..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKU\S-1-5-21-57989841-1336601894-839522115-1003..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    O4 - HKU\S-1-5-21-57989841-1336601894-839522115-500..\Run: [Search Protection] File not found
    O4 - Startup: C:\Documents and Settings\DeLuca\Start Menu\Programs\Startup\PMB Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-57989841-1336601894-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-57989841-1336601894-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-57989841-1336601894-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-57989841-1336601894-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-57989841-1336601894-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-57989841-1336601894-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
    O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
    O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1206284446328 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/03/22 23:44:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2009/06/18 17:12:18 | 000,000,088 | ---- | M] () - K:\autorun.inf -- [ UDF1.50 ]
    O32 - AutoRun File - [2010/02/17 10:56:28 | 000,000,000 | ---- | M] () - Y:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/07 19:37:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DeLuca\Desktop\OTL.exe
    [2011/04/07 19:22:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/04/07 19:08:09 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/04/06 23:25:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/06 23:22:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/06 23:22:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/06 23:22:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/06 23:22:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/06 23:22:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/06 23:22:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/04 19:15:33 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DeLuca\Desktop\TFC.exe
    [2011/03/30 22:15:14 | 000,000,000 | ---D | C] -- C:\Program Files\TDSSKiller
    [2011/03/29 22:35:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\DeLuca\My Documents\ShadowEditFiles
    [2011/03/27 08:57:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\DeLuca\Start Menu\Programs\CleanUp!
    [2011/03/27 08:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\CleanUp!
    [2011/03/27 08:13:26 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\DeLuca\Recent
    [2011/03/26 19:31:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/03/26 16:43:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
    [2011/03/25 23:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\skypePM
    [2011/03/25 21:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/03/25 21:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
    [2011/03/25 21:17:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2011/03/25 21:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/03/25 21:11:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/03/25 21:11:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2008/08/06 22:37:46 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\DeLuca\Application Data\pcouffin.sys
    [2008/03/23 12:43:40 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
    [2008/03/23 12:43:39 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
    [1 C:\Documents and Settings\DeLuca\My Documents\*.tmp files -> C:\Documents and Settings\DeLuca\My Documents\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/04/07 19:39:39 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-1336601894-839522115-1003.job
    [2011/04/07 19:39:39 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-57989841-1336601894-839522115-1003.job
    [2011/04/07 19:37:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeLuca\Desktop\OTL.exe
    [2011/04/07 19:36:24 | 000,002,539 | ---- | M] () -- C:\Documents and Settings\DeLuca\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook 2007.lnk
    [2011/04/07 19:14:04 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/07 19:00:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/07 18:56:15 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/04/07 07:48:46 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000005-00001102-00000005-10031102}.rfx
    [2011/04/07 07:48:46 | 000,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000005-00001102-00000005-10031102}.rfx
    [2011/04/07 07:48:46 | 000,054,320 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000005-00001102-00000005-10031102}.rfx
    [2011/04/07 07:48:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/04/07 07:48:46 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/04/07 07:43:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1336601894-839522115-1003UA.job
    [2011/04/06 23:44:28 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/04/06 23:44:27 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/06 23:44:27 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-57989841-1336601894-839522115-1005.job
    [2011/04/06 23:34:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/06 23:25:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/04/06 20:55:53 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Iquvigih.dat
    [2011/04/06 19:53:55 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/04/04 20:43:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1336601894-839522115-1003Core.job
    [2011/04/04 19:30:23 | 000,139,776 | ---- | M] () -- C:\Documents and Settings\DeLuca\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/04/04 19:14:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeLuca\Desktop\TFC.exe
    [2011/04/03 22:53:59 | 000,002,533 | ---- | M] () -- C:\Documents and Settings\DeLuca\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
    [2011/04/02 07:11:54 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-1336601894-839522115-1005.job
    [2011/04/01 23:16:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/03/30 22:15:36 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\DeLuca\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TDSSKiller.exe.lnk
    [2011/03/29 06:17:34 | 000,607,444 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/29 06:17:34 | 000,129,242 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/27 19:19:03 | 000,000,730 | ---- | M] () -- C:\Documents and Settings\DeLuca\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
    [2011/03/27 08:43:56 | 000,072,732 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/03/27 08:43:28 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\DeLuca\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/03/25 21:39:39 | 001,440,054 | ---- | M] () -- C:\Documents and Settings\DeLuca\Desktop\BYKTWD-2011-logo.bmp
    [2011/03/25 21:25:21 | 000,002,425 | ---- | M] () -- C:\Documents and Settings\DeLuca\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Picture Manager.lnk
    [2011/03/25 20:41:31 | 000,000,111 | ---- | M] () -- C:\Documents and Settings\DeLuca\Desktop\Transforming Debt Into Wealth®.URL
    [2011/03/21 23:48:09 | 000,013,334 | -HS- | M] () -- C:\Documents and Settings\DeLuca\Local Settings\Application Data\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
    [2011/03/21 23:48:09 | 000,013,334 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
    [2011/03/19 09:56:10 | 000,000,155 | ---- | M] () -- C:\Documents and Settings\DeLuca\Desktop\Amazon.com Waring Pro WHM100 Professional 10- Speed Hand Mixer, Black Home & Garden.URL
    [2011/03/15 23:21:14 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
    [1 C:\Documents and Settings\DeLuca\My Documents\*.tmp files -> C:\Documents and Settings\DeLuca\My Documents\*.tmp -> ]
     
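An OTL dump this long is tedious to read by eye, so here is an added triage script (example code written for this page, not part of dudgorgon's post and not anything OTL or the forum helpers ship). It parses the two line shapes that carry most of the signal in the log above: the `[timestamp | size | RHSD attrs | C/M] (company) -- path` file entries and the `O4 ... \Run: [name] target` autorun entries. The three rules it applies (a hidden+system file with no publisher, a 20+ character alphanumeric file name, and a Run value whose target is "File not found") are my assumptions about what an analyst checks first, not a malware verdict; the `KNOWN_GOOD` allow-list, the regexes and the rule names are likewise mine. The sample lines are copied verbatim from the log above rather than invented.

```python
"""Triage helper for OTL (OldTimer) log lines: parse the file entries and the
O4 Run entries, then flag the ones an analyst usually checks first.
Added example; not part of the forum post. The rules are assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# File entry, e.g.
# [2011/03/21 23:48:09 | 000,013,334 | -HS- | M] () -- C:\...\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
# attrs are fixed-position R/H/S/D flags; the "(company)" part is absent for directories.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>\S.*?)\s*$"
)
# Autorun entry, e.g.
# O4 - HKU\S-1-5-21-...-500..\Run: [Search Protection] File not found
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+?)\s*$")

# Assumption: 20+ alphanumerics with no separators is not how vendor installers name files.
RANDOM_STEM_RE = re.compile(r"^(?=.*[0-9])(?=.*[A-Za-z])[A-Za-z0-9]{20,}$")
# Assumption: known-good hidden+system file that would otherwise trip the rule below.
KNOWN_GOOD = {r"c:\boot.ini"}


@dataclass
class FileEntry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str      # 'C' = created listing, 'M' = modified listing
    company: str
    path: str


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Return a FileEntry for an OTL file line, or None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    a = m.group("attrs")
    return FileEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly=a[0] == "R", hidden=a[1] == "H", system=a[2] == "S", directory=a[3] == "D",
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def stem_of(path: str) -> str:
    """Basename without its last extension, e.g. C:\\x\\foo.bar.sys -> foo.bar."""
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0] if "." in name else name


def file_reasons(fe: FileEntry) -> List[str]:
    """Apply the file rules; directories and allow-listed paths never fire."""
    reasons: List[str] = []
    if fe.directory or fe.path.lower() in KNOWN_GOOD:
        return reasons
    if fe.hidden and fe.system and not fe.company:
        reasons.append("hidden+system file with no publisher")
    if RANDOM_STEM_RE.match(stem_of(fe.path)):
        reasons.append("random-looking file name")
    return reasons


def triage(lines: List[str]) -> Dict[str, List[str]]:
    """Map path (or hive\\Run\\name) -> reasons, for every line that trips a rule."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        fe = parse_file_entry(line)
        if fe:
            reasons = file_reasons(fe)
            if reasons:
                findings[fe.path] = reasons
            continue
        rm = RUN_RE.match(line.strip())
        if rm and rm.group("target").lower().startswith("file not found"):
            findings[f"{rm.group('hive')}\\Run\\{rm.group('name')}"] = ["Run value points at a missing file"]
    return findings


# Sample input: lines copied verbatim from the OTL log above (not constructed).
SAMPLE_LINES = [
    r"[2011/03/21 23:48:09 | 000,013,334 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q",
    r"[2011/04/06 20:55:53 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Iquvigih.dat",
    r"[2011/04/07 19:22:08 | 000,000,000 | -HSD | C] -- C:\RECYCLER",
    r"[2011/04/06 23:25:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini",
    r"[2010/12/19 14:09:05 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\577AA3B567.sys",
    r"[2011/04/07 19:37:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\DeLuca\Desktop\OTL.exe",
    r"O4 - HKU\S-1-5-21-57989841-1336601894-839522115-500..\Run: [Search Protection] File not found",
    r"O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)",
]

if __name__ == "__main__":
    for key, why in triage(SAMPLE_LINES).items():
        print(f"{key}\n    {'; '.join(why)}")
```

Run against the sample it reports the `0qo6n56dqg7b12mtrqt6221tv781hsx41s5q` files (hidden+system, no publisher, random name), the eight-byte `577AA3B567.sys`, and the `[Search Protection]` Run value with a missing target; `boot.ini` is allow-listed and `C:\RECYCLER` is a directory. A hit means "look at this next", not "this is malware": hidden+system `.sys` stubs of a few bytes in System32 are also written by some licensing schemes, which is why the rule is a prompt and not a verdict. The narrow regex also shows the limit of the approach: the pronounceable `Iquvigih.dat` in `C:\WINDOWS` has no digits and only eight letters, so it slips through, and is exactly the kind of entry that still needs a human reading the log. Feed the whole OTL.txt in with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())`.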
  6. 2011/04/07
    dudgorgon

    OTL.Txt - latter half of log (the log was too long to post as a whole)

    ========== Files Created - No Company Name ==========

    [2011/04/06 23:25:30 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/04/06 23:25:27 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/06 23:22:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/06 23:22:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/06 23:22:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/06 23:22:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/06 23:22:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/03/30 22:15:36 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\DeLuca\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to TDSSKiller.exe.lnk
    [2011/03/27 19:19:03 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\DeLuca\Application Data\Microsoft\Internet Explorer\Quick Launch\Firefox.lnk
    [2011/03/27 09:21:17 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
    [2011/03/27 08:43:56 | 000,072,732 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2011/03/26 06:27:23 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-57989841-1336601894-839522115-1005.job
    [2011/03/26 06:27:22 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-57989841-1336601894-839522115-1005.job
    [2011/03/25 21:37:54 | 001,440,054 | ---- | C] () -- C:\Documents and Settings\DeLuca\Desktop\BYKTWD-2011-logo.bmp
    [2011/03/25 21:23:01 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-57989841-1336601894-839522115-1003.job
    [2011/03/25 21:03:17 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Iquvigih.dat
    [2011/03/25 20:41:31 | 000,000,111 | ---- | C] () -- C:\Documents and Settings\DeLuca\Desktop\Transforming Debt Into Wealth®.URL
    [2011/03/21 23:45:36 | 000,013,334 | -HS- | C] () -- C:\Documents and Settings\DeLuca\Local Settings\Application Data\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
    [2011/03/21 23:45:36 | 000,013,334 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0qo6n56dqg7b12mtrqt6221tv781hsx41s5q
    [2011/03/19 09:56:10 | 000,000,155 | ---- | C] () -- C:\Documents and Settings\DeLuca\Desktop\Amazon.com Waring Pro WHM100 Professional 10- Speed Hand Mixer, Black Home & Garden.URL
    [2011/02/27 18:37:10 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/12/19 14:09:05 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\577AA3B567.sys
    [2010/08/28 16:11:54 | 000,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
    [2010/08/13 21:26:04 | 000,514,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/08/07 13:56:39 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
    [2010/05/24 20:17:43 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
    [2010/03/29 20:28:51 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
    [2010/03/24 21:18:06 | 000,001,832 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
    [2010/03/24 21:13:34 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
    [2010/03/24 21:13:34 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
    [2010/03/24 21:13:34 | 000,001,571 | ---- | C] () -- C:\WINDOWS\Faxcpp1.ini
    [2010/03/24 21:13:34 | 000,000,422 | ---- | C] () -- C:\WINDOWS\Faxcpp.ini
    [2010/03/24 21:13:34 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
    [2010/03/24 21:12:08 | 000,000,198 | ---- | C] () -- C:\WINDOWS\EPSON 1250 Installer.ini
    [2010/03/02 23:00:37 | 000,876,544 | ---- | C] () -- C:\WINDOWS\System32\TEACico2.dll
    [2010/02/07 16:39:26 | 000,038,487 | ---- | C] () -- C:\Documents and Settings\DeLuca\Application Data\Comma Separated Values (Windows).ADR
    [2010/01/10 12:36:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\hegames.ini
    [2009/12/29 15:47:37 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\EE664C2956.sys
    [2009/11/14 20:43:23 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
    [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
    [2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
    [2009/05/01 19:52:14 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
    [2009/01/24 21:07:47 | 000,000,810 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
    [2008/09/28 16:26:02 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2008/09/22 19:33:02 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2008/09/19 17:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2008/09/19 17:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
    [2008/08/06 22:37:46 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\DeLuca\Application Data\pcouffin.cat
    [2008/08/06 22:37:46 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\DeLuca\Application Data\pcouffin.inf
    [2008/07/14 21:16:48 | 000,112,596 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
    [2008/07/09 22:39:14 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\DeLuca\Local Settings\Application Data\fusioncache.dat
    [2008/06/23 18:56:43 | 000,000,525 | ---- | C] () -- C:\WINDOWS\QIII.INI
    [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2008/04/11 23:21:38 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2008/04/07 22:45:40 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/04/07 21:01:59 | 000,010,532 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2008/04/06 21:46:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\DeLuca\Local Settings\Application Data\rx_image.Cache
    [2008/04/06 20:23:32 | 000,000,321 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/04/02 23:28:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/04/01 08:50:16 | 000,139,776 | ---- | C] () -- C:\Documents and Settings\DeLuca\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/04/01 08:50:05 | 000,001,922 | ---- | C] () -- C:\Documents and Settings\DeLuca\Application Data\.googlewebacchosts
    [2008/03/27 22:05:13 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2008/03/27 22:05:12 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/03/27 22:05:12 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/03/27 22:05:10 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2008/03/23 12:45:22 | 000,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
    [2008/03/23 12:45:22 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
    [2008/03/23 12:45:22 | 000,000,190 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2008/03/23 12:43:41 | 000,366,255 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
    [2008/03/23 12:43:41 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
    [2008/03/23 12:43:41 | 000,265,066 | ---- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
    [2008/03/23 12:43:41 | 000,231,821 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
    [2008/03/23 12:43:41 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
    [2008/03/23 12:43:41 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
    [2008/03/23 12:43:41 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
    [2008/03/23 12:43:40 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
    [2008/03/23 12:43:40 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
    [2008/03/23 12:43:40 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2008/03/23 12:43:39 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2008/03/23 11:46:21 | 000,036,060 | ---- | C] () -- C:\WINDOWS\System32\BEPerfDll.ini
    [2008/03/23 10:49:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/03/23 08:58:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
    [2008/03/22 23:46:27 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/03/22 23:40:57 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/03/22 15:42:59 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/03/22 15:41:50 | 000,345,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006/11/02 20:40:12 | 000,174,656 | ---- | C] () -- C:\WINDOWS\System32\PSIService.exe
    [2005/07/15 14:35:56 | 000,831,488 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2005/07/15 14:35:56 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 06:00:00 | 000,607,444 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 06:00:00 | 000,129,242 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2010/03/02 10:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2010/05/24 20:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
    [2009/01/21 20:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
    [2010/07/22 20:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData
    [2010/12/25 11:15:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
    [2011/02/20 23:05:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\ISNDOVICKE
    [2010/02/28 14:31:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Karen's Power Tools
    [2008/08/06 22:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2010/10/18 20:36:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/03/27 22:43:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SlySoft
    [2011/02/02 23:20:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/01/02 16:06:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2010/11/25 00:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2011/01/17 22:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
    [2011/03/26 06:24:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\backup\Application Data\Windows Desktop Search
    [2011/03/26 06:23:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\backup\Application Data\WTouch
    [2010/05/24 20:17:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\Canneverbe Limited
    [2008/12/24 14:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\Canon
    [2010/06/19 13:15:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\Facebook
    [2010/12/25 11:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\GARMIN
    [2010/03/04 20:14:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\GetRightToGo
    [2008/06/19 20:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\InterVideo
    [2008/03/23 11:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\OfficeUpdate12
    [2008/04/07 21:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\Ofoto
    [2008/07/14 21:22:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\Opera
    [2009/05/01 19:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\Research In Motion
    [2011/02/04 00:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\RipIt4Me
    [2011/01/13 23:00:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\Sony Online Entertainment
    [2010/06/20 15:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\The Hobbit
    [2011/01/02 16:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\TomTom
    [2009/02/06 23:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\uTorrent
    [2010/11/24 18:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\Vso
    [2010/03/04 19:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\Western Digital
    [2010/02/07 16:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\Windows Desktop Search
    [2010/08/07 14:18:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\DeLuca\Application Data\WTouch

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/07/14 22:33:38 | 000,049,176 | ---- | M] () -- C:\adamm.log
    [2010/07/22 20:37:47 | 000,000,000 | ---- | M] () -- C:\AdobeDebug.txt
    [2008/03/22 23:44:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2008/03/22 23:33:00 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/04/06 23:25:30 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/04/07 19:16:35 | 000,018,909 | ---- | M] () -- C:\ComboFix.txt
    [2008/03/22 23:44:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/02/27 18:42:08 | 000,921,624 | ---- | M] () -- C:\DC6810xp-001.raw
    [2010/09/06 22:32:39 | 000,000,000 | ---- | M] () -- C:\install.rdf
    [2008/03/22 23:44:00 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2008/03/22 23:44:00 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/08/10 14:38:18 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2009/06/29 21:30:15 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
    [2011/03/26 23:27:25 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
    [2011/04/06 23:34:29 | 4290,772,992 | -HS- | M] () -- C:\pagefile.sys
    [2011/04/03 23:12:31 | 000,000,596 | ---- | M] () -- C:\rkill.log
    [2011/04/01 21:47:27 | 000,002,136 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.04.2011_21.47.17_log.txt
    [2011/04/01 21:47:36 | 000,002,136 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_01.04.2011_21.47.29_log.txt
    [2011/04/06 21:05:47 | 000,054,686 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_06.04.2011_21.04.59_log.txt
    [2011/03/27 09:08:56 | 000,053,046 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_27.03.2011_09.07.54_log.txt
    [2011/03/27 09:17:36 | 000,052,294 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_27.03.2011_09.15.18_log.txt
    [2011/03/30 22:16:10 | 000,052,326 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_30.03.2011_22.15.41_log.txt
    [2008/03/23 19:53:23 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2008/03/22 23:43:41 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2009/12/10 10:24:06 | 000,082,168 | ---- | M] (Microsoft Corporation.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lmdippr8.dll
    [2006/10/26 19:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [1999/07/20 11:33:54 | 000,286,720 | ---- | M] () -- C:\WINDOWS\Film Factory.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2008/03/22 15:39:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/03/22 15:39:55 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/03/22 15:39:55 | 000,946,176 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/08/10 14:42:36 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2008/03/23 00:30:53 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\DeLuca\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2011/02/21 10:29:55 | 000,002,855 | ---- | M] () -- C:\Documents and Settings\DeLuca\Application Data\Microsoft\Internet Explorer\Quick Launch\Shortcut to rkill.com.pif
    [2008/03/23 00:30:53 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\DeLuca\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/08/31 21:36:06 | 019,653,399 | ---- | M] () -- C:\Documents and Settings\DeLuca\Desktop\DOOM3-1.3.1.exe
    [2011/02/21 13:02:07 | 049,574,232 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\DeLuca\Desktop\N360-ESD-NoDefs-18-5-0-125-EN.exe
    [2011/04/07 19:37:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeLuca\Desktop\OTL.exe
    [2011/04/04 19:14:35 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\DeLuca\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2009/03/17 14:24:10 | 000,013,022 | ---- | M] () -- C:\WINDOWS\VX6000.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/03/23 00:30:53 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\DeLuca\Favorites\Desktop.ini
    [2011/04/06 21:32:46 | 000,000,248 | ---- | M] () -- C:\Documents and Settings\DeLuca\Favorites\NCH Software Download.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    No captured output from command...

    < dir /b "%systemroot%\*.exe" | find /i " " /c >
    No captured output from command...

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/12/20 22:10:34 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\DeLuca\Cookies\desktop.ini
    [2011/04/07 19:39:37 | 000,163,840 | -HS- | M] () -- C:\Documents and Settings\DeLuca\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 02:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 14:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 14:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 14:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 02:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 02:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\DeLuca\My Documents\PcSetup:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\DeLuca\My Documents\My Videos:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\DeLuca\My Documents\My Snapfire Shows:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\DeLuca\My Documents\My PSP Files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\DeLuca\My Documents\DVDFab:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\DeLuca\My Documents\Downloads:Roxio EMC Stream
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    < End of report >
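Most of what a helper looks for in an OTL listing like the one above is pattern-based: attribute combinations (hidden plus system), file names that look like random hex with no vendor string, alternate data streams whose name gives no hint of an owner. The following Python is an added example (mine, not code from dudgorgon's post or from OTL itself): it parses the two record shapes the log uses and applies a few triage heuristics of my own choosing. The sample lines are copied from the OTL output in this thread; a hit is an indicator to review, not a verdict.

```python
"""Triage helper for OTL-style listings (added example; not code from the
original post or from OTL).  Parses two record shapes,
  [YYYY/MM/DD HH:MM:SS | size | RHSD | M|C] (company) -- path
  @Alternate Data Stream - N bytes -> path:stream
(attributes: R read-only, H hidden, S system, D directory, '-' unset; M/C says
whether the stamp is the Modified or Created date) and applies heuristic
indicator rules written for this example.  A hit means "look at this", not
"this is malware"."""
import re
from dataclasses import dataclass
from typing import List, NamedTuple, Optional, Tuple

ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[R-][H-][S-][D-]) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+?)\s*$")
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+?)\s*$")
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8,}$")   # names made only of hex digits


@dataclass
class Entry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str               # 'M' = modified date, 'C' = created date
    company: Optional[str]  # None when OTL printed '()' or nothing at all
    path: str

class Stream(NamedTuple):
    size: int
    path: str
    stream: str

def parse_entry(line: str) -> Optional[Entry]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    a = m.group("attr")
    return Entry(timestamp=m.group("ts"),
                 size=int(m.group("size").replace(",", "")),
                 readonly=a[0] == "R", hidden=a[1] == "H",
                 system=a[2] == "S", directory=a[3] == "D",
                 kind=m.group("kind"), company=m.group("company") or None,
                 path=m.group("path"))

def parse_ads(line: str) -> Optional[Stream]:
    m = ADS_RE.match(line.strip())
    return Stream(int(m.group("size")), m.group("path"), m.group("stream")) if m else None

def flag_entry(e: Entry) -> List[str]:
    reasons = []
    stem = e.path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    low = e.path.lower()
    # Rule 1: hidden+system file in System32 whose name is only hex digits and
    # that carries no company/version string.
    if (not e.directory and e.hidden and e.system and "\\system32\\" in low
            and HEX_NAME_RE.match(stem) and e.company is None):
        reasons.append("hex-named hidden/system file in System32")
    # Rule 2: hidden+system directory under a profile's Application Data.
    if e.directory and e.hidden and e.system and "\\application data\\" in low:
        reasons.append("hidden/system directory under Application Data")
    return reasons

def flag_stream(s: Stream) -> List[str]:
    # A hex-only stream name gives no hint of the application that owns it.
    return ["hex-named alternate data stream"] if HEX_NAME_RE.match(s.stream) else []

def triage(lines: List[str]) -> List[Tuple[str, str]]:
    hits: List[Tuple[str, str]] = []
    for line in lines:
        e = parse_entry(line)
        if e is not None:
            hits.extend((e.path, r) for r in flag_entry(e))
            continue
        s = parse_ads(line)
        if s is not None:
            hits.extend((f"{s.path}:{s.stream}", r) for r in flag_stream(s))
    return hits

# Sample input: lines copied from the OTL output in this thread.
SAMPLE = [
    r"[2008/04/07 21:01:59 | 000,010,532 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys",
    r"[2010/12/19 14:09:05 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\577AA3B567.sys",
    r"[2009/12/29 15:47:37 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\EE664C2956.sys",
    r"[2011/02/20 23:05:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\ISNDOVICKE",
    r"[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll",
    r"@Alternate Data Stream - 76 bytes -> C:\Documents and Settings\DeLuca\My Documents\Downloads:Roxio EMC Stream",
    r"@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason}: {path}")
```

Run against the sample, the two eight-byte RHS- `.sys` files with hex names, the hidden/system ISNDOVICKE directory and the TEMP:D1B5B4F1 stream are reported; the SafeCast-style KGyGaAvL.sys (hidden/system but not hex-named), the signed print processor and the Roxio streams are not. Tune the rules to the machine in front of you; they are a starting point for reading the log, nothing more.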
     
  7. 2011/04/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..browser.search.defaultenginename:  "Fast Browser Search "
      FF - prefs.js..browser.search.order.1:  "Fast Browser Search "
      [2010/03/25 19:45:23 | 000,003,700 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.png
      [2010/03/25 19:45:23 | 000,001,963 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fast.xml
      O3 - HKU\S-1-5-21-57989841-1336601894-839522115-1003\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
      O3 - HKU\S-1-5-21-57989841-1336601894-839522115-1003\..\Toolbar\WebBrowser: (no name) - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No CLSID value found.
      O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in Trusted sites)
      O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [1 C:\Documents and Settings\DeLuca\My Documents\*.tmp files -> C:\Documents and Settings\DeLuca\My Documents\*.tmp -> ]
      [2011/02/27 18:37:10 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
      [2010/12/19 14:09:05 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\577AA3B567.sys
      [2009/12/29 15:47:37 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\EE664C2956.sys
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\DeLuca\My Documents\PcSetup:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\DeLuca\My Documents\My Videos:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\DeLuca\My Documents\My Snapfire Shows:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\DeLuca\My Documents\My PSP Files:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\DeLuca\My Documents\DVDFab:Roxio EMC Stream
      @Alternate Data Stream - 76 bytes -> C:\Documents and Settings\DeLuca\My Documents\Downloads:Roxio EMC Stream
      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  8. 2011/04/08
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    ESET Online Scanner

    This is currently running and has been for over 3 hours. I'll post the logs tomorrow for it and the other ones.
     
  9. 2011/04/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    No problem :)
     
  10. 2011/04/09
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    JavaRa log

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Thu Apr 07 22:03:50 2011

    Found and removed: C:\Documents and Settings\DeLuca\Application Data\Sun\Java\jre1.6.0_11

    Found and removed: C:\Documents and Settings\DeLuca\Application Data\Sun\Java\jre1.6.0_12

    Found and removed: C:\Documents and Settings\DeLuca\Application Data\Sun\Java\jre1.6.0_13

    Found and removed: C:\Documents and Settings\DeLuca\Application Data\Sun\Java\jre1.6.0_14

    Found and removed: C:\Documents and Settings\DeLuca\Application Data\Sun\Java\jre1.6.0_15

    Found and removed: C:\Documents and Settings\DeLuca\Application Data\Sun\Java\jre1.6.0_17

    Found and removed: C:\Documents and Settings\DeLuca\Application Data\Sun\Java\jre1.6.0_19

    Found and removed: C:\Documents and Settings\DeLuca\Application Data\Sun\Java\jre1.6.0_20

    Found and removed: C:\Documents and Settings\DeLuca\Application Data\Sun\Java\jre1.6.0_21

    Found and removed: C:\Documents and Settings\DeLuca\Application Data\Sun\Java\jre1.6.0_22

    Found and removed: C:\Documents and Settings\DeLuca\Application Data\Sun\Java\jre1.6.0_23

    Found and removed: Applications\java.exe

    Found and removed: Applications\javaw.exe

    Found and removed: JavaPlugin.FamilyVersionSupport

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0001-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}

    Found and removed: CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}

    Found and removed: JavaScript

    Found and removed: JavaScript Author

    Found and removed: JavaScript1.1

    Found and removed: JavaScript1.1 Author

    Found and removed: JavaScript1.2

    Found and removed: JavaScript1.2 Author

    Found and removed: Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}

    Found and removed: Software\JavaSoft\Java Update

    Found and removed: SOFTWARE\Classes\JavaPlugin

    Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

    Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

    Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B02

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3412062B03

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B02

    Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0357E4991DA5FF14F9615B3612062B03

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.2.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.3.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.4.1

    Found and removed: SOFTWARE\MozillaPlugins\@java.com/JavaPlugin\MimeTypes\application/x-java-applet;version=1.5

    JavaRa 1.16 Removal Log.

    Report follows after line.

    ------------------------------------

    The JavaRa removal process was started on Thu Apr 07 22:04:08 2011

    Found and removed: CLSID\{CAFEEFAC-0014-0002-FFFF-ABCDEFFEDCBA}

    ------------------------------------

    Finished reporting.
     
  11. 2011/04/09
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    OTL Log

    All processes killed
    ========== OTL ==========
    Prefs.js: "Fast Browser Search" removed from browser.search.defaultenginename
    Prefs.js: "Fast Browser Search" removed from browser.search.order.1
    C:\Program Files\Mozilla Firefox\searchplugins\fast.png moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\fast.xml moved successfully.
    Registry value HKEY_USERS\S-1-5-21-57989841-1336601894-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
    Registry value HKEY_USERS\S-1-5-21-57989841-1336601894-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}\ not found.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clonewarsadventures.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\freerealms.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\soe.com\ deleted successfully.
    Registry key HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sony.com\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\WINDOWS\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\Documents and Settings\DeLuca\My Documents\JmwA67.tmp folder deleted successfully.
    C:\WINDOWS\system32\ezsidmv.dat moved successfully.
    C:\WINDOWS\system32\577AA3B567.sys moved successfully.
    C:\WINDOWS\system32\EE664C2956.sys moved successfully.
    ADS C:\Documents and Settings\DeLuca\My Documents\PcSetup:Roxio EMC Stream deleted successfully.
    Unable to delete ADS C:\Documents and Settings\DeLuca\My Documents\My Videos:Roxio EMC Stream .
    ADS C:\Documents and Settings\DeLuca\My Documents\My Snapfire Shows:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\DeLuca\My Documents\My PSP Files:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\DeLuca\My Documents\DVDFab:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\DeLuca\My Documents\Downloads:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: administrator.ZOO-690
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes

    User: All Users

    User: backup
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: DeLuca
    ->Temp folder emptied: 10263015 bytes
    ->Temporary Internet Files folder emptied: 11579741 bytes
    ->Java cache emptied: 7443 bytes
    ->FireFox cache emptied: 39566669 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 5049 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 16384 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16384 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 11470829 bytes

    Total Files Cleaned = 70.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: administrator.ZOO-690

    User: All Users

    User: backup
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: DeLuca
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04072011_220730

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\DeLuca\Local Settings\Temp\~DFBD20.tmp not found!
    File\Folder C:\Documents and Settings\DeLuca\Local Settings\Temp\~DFBD2B.tmp not found!
    File\Folder C:\Documents and Settings\DeLuca\Local Settings\Temp\~DFBDB0.tmp not found!
    File\Folder C:\Documents and Settings\DeLuca\Local Settings\Temp\~DFBDBB.tmp not found!
    File\Folder C:\Documents and Settings\DeLuca\Local Settings\Temp\~DFBE13.tmp not found!
    File\Folder C:\Documents and Settings\DeLuca\Local Settings\Temp\~DFBE1E.tmp not found!
    C:\Documents and Settings\DeLuca\Local Settings\Temporary Internet Files\Content.Word\~WRS{E4637B05-B5DC-49A7-944F-32BE6144BFF9}.tmp moved successfully.
    C:\Documents and Settings\DeLuca\Local Settings\Temporary Internet Files\Content.IE5\OUVZ26HJ\;ord=1086011598[1].htm moved successfully.
    C:\Documents and Settings\DeLuca\Local Settings\Temporary Internet Files\Content.IE5\C0I5RW1M\00b42e3a-b809-49b2-b433-cc45b2bc89d33rd_party_BBS[2].htm moved successfully.
    C:\Documents and Settings\DeLuca\Local Settings\Temporary Internet Files\Content.IE5\C0I5RW1M\iframescript[1].htm moved successfully.
    C:\Documents and Settings\DeLuca\Local Settings\Temporary Internet Files\Content.IE5\C0I5RW1M\p-01-0VIaSjnOLg[1].gif moved successfully.
    C:\Documents and Settings\DeLuca\Local Settings\Temporary Internet Files\Content.IE5\15B4780K\98490-active-browser-auto-redirects-trojan-not-having-fun-2[2].html moved successfully.
    C:\Documents and Settings\DeLuca\Local Settings\Temporary Internet Files\Content.IE5\15B4780K\ads[2].htm moved successfully.
    C:\Documents and Settings\DeLuca\Local Settings\Temporary Internet Files\Content.IE5\15B4780K\p-01-0VIaSjnOLg[2].gif moved successfully.
    C:\Documents and Settings\DeLuca\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_a8c.dat moved successfully.
    C:\WINDOWS\temp\Perflib_Perfdata_a14.dat moved successfully.

    Registry entries deleted on Reboot...
     
  12. 2011/04/09
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    CheckUp log

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Symantec AntiVirus
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.2.153.1
    Adobe Reader 9.4.3
    Chinese Traditional Fonts Support For Adobe Reader 9
    Korean Fonts Support For Adobe Reader 9
    Japanese Fonts Support For Adobe Reader 9
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Symantec AntiVirus DefWatch.exe
    Symantec AntiVirus SavRoam.exe
    Symantec AntiVirus Rtvscan.exe
    ``````````End of Log````````````
     
  13. 2011/04/09
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    ESET log

    C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\09c1ee\2788.mof.vir Win32/RogueAV.A trojan
    C:\Qoobox\Quarantine\C\Documents and Settings\DeLuca\Application Data\4BBF50ADB298B2D518030D529D60C533\enemies-names.txt.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
    C:\Qoobox\Quarantine\C\Documents and Settings\DeLuca\Application Data\4BBF50ADB298B2D518030D529D60C533\local.ini.vir Win32/Adware.AntimalwareDoctor.AE.Gen application
    C:\Qoobox\Quarantine\C\WINDOWS\evivamiwokojegig.dll.vir a variant of Win32/Kryptik.JYZ trojan
    C:\Qoobox\Quarantine\C\WINDOWS\system32\olecliy.dll.vir a variant of Win32/Adware.Virtumonde.NHL application
    C:\System Volume Information\_restore{1D61E0F8-E7D7-4521-905F-C571DF5DCF95}\RP1\A0000034.mof Win32/RogueAV.A trojan
    C:\System Volume Information\_restore{1D61E0F8-E7D7-4521-905F-C571DF5DCF95}\RP1\A0000042.ini Win32/Adware.AntimalwareDoctor.AE.Gen application
    C:\System Volume Information\_restore{1D61E0F8-E7D7-4521-905F-C571DF5DCF95}\RP1\A0000047.dll a variant of Win32/Kryptik.JYZ trojan
    C:\System Volume Information\_restore{1D61E0F8-E7D7-4521-905F-C571DF5DCF95}\RP1\A0000277.dll a variant of Win32/Adware.Virtumonde.NHL application
    C:\WINDOWS\idediyub.dll a variant of Win32/Kryptik.MHG trojan
    D:\Archives\Software Programs\DVD CD - Players, rippers, utils\MP3 Utils & Players\DivX\DivXPro502GAINBundle.exe Win32/Adware.Gator application
    D:\Archives\Software Programs\DVD CD - Players, rippers, utils\Rippers\easy-cd-ripper.exe multiple threats
    D:\Archives\Software Programs\DVD, CD, & Video Utils\MP3 Utils & Players\DivX\DivXPro502GAINBundle.exe Win32/Adware.Gator application
    D:\Archives\Software Programs\DVD, CD, & Video Utils\Rippers\easy-cd-ripper.exe multiple threats
    L:\DaddyO Data\DaddyO Archives\Software Programs\DVD CD - Players, rippers, utils\Rippers\easy-cd-ripper.exe multiple threats
    L:\DaddyO Data\DaddyO Archives\Software Programs\DVD, CD, & Video Utils\Rippers\easy-cd-ripper.exe multiple threats
     
  14. 2011/04/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses far fewer resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.

    =====================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\WINDOWS\idediyub.dll 
      D:\Archives\Software Programs\DVD CD - Players, rippers, utils\MP3 Utils & Players\DivX\DivXPro502GAINBundle.exe 
      D:\Archives\Software Programs\DVD CD - Players, rippers, utils\Rippers\easy-cd-ripper.exe 
      D:\Archives\Software Programs\DVD, CD, & Video Utils\MP3 Utils & Players\DivX\DivXPro502GAINBundle.exe 
      D:\Archives\Software Programs\DVD, CD, & Video Utils\Rippers\easy-cd-ripper.exe 
      L:\DaddyO Data\DaddyO Archives\Software Programs\DVD CD - Players, rippers, utils\Rippers\easy-cd-ripper.exe 
      L:\DaddyO Data\DaddyO Archives\Software Programs\DVD, CD, & Video Utils\Rippers\easy-cd-ripper.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==================================================

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
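    The ESET log in the previous post and the :Files list in the fix above are related: the analyst only lists live files for OTL, because quarantined items (C:\Qoobox\Quarantine) are already neutralised and restore-point copies (System Volume Information\_restore...) are dealt with by [CLEARALLRESTOREPOINTS] in step 1. The script below is an added example, not code from the thread or from ESET, OTL or any other tool mentioned here. It assumes ESET's log format is simply "<path> <detection>" with the detection text starting with a fixed phrase, and the location rules (quarantine, restore point, live) are my own; the sample lines are a constructed subset copied from the ESET log above.

```python
import re

# Constructed sample input: four lines in the "<path> <detection>" format used by
# the ESET log posted in this thread (subset of the lines shown above).
SAMPLE_ESET_LOG = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\olecliy.dll.vir a variant of Win32/Adware.Virtumonde.NHL application
C:\System Volume Information\_restore{1D61E0F8-E7D7-4521-905F-C571DF5DCF95}\RP1\A0000047.dll a variant of Win32/Kryptik.JYZ trojan
C:\WINDOWS\idediyub.dll a variant of Win32/Kryptik.MHG trojan
D:\Archives\Software Programs\DVD, CD, & Video Utils\Rippers\easy-cd-ripper.exe multiple threats
""".strip()

# Paths in this log contain spaces, so we cannot split on whitespace. Instead the
# detection text is recognised by the fixed phrases it starts with (assumption:
# "a variant of ...", "probably a variant of ...", "Win32/..." or "multiple threats").
_LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<detection>(?:probably )?(?:a variant of )?(?:Win32/\S+.*|multiple threats))$"
)


def parse_eset_log(text):
    """Return a list of (path, detection) tuples; lines that do not match are skipped."""
    findings = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if m:
            findings.append((m.group("path"), m.group("detection")))
    return findings


def classify_location(path):
    """Bucket a detected path by what will clean it (rules are this example's own)."""
    p = path.lower()
    if p.startswith(r"c:\qoobox\quarantine"):
        return "quarantine"      # already moved there by ComboFix
    if r"\system volume information\_restore" in p:
        return "restore_point"   # removed by [CLEARALLRESTOREPOINTS]
    return "live"                # still on disk, needs an explicit :Files entry


def triage(findings):
    """Group detected paths into quarantine / restore_point / live lists."""
    buckets = {"quarantine": [], "restore_point": [], "live": []}
    for path, _detection in findings:
        buckets[classify_location(path)].append(path)
    return buckets


def otl_files_section(findings):
    """Build the :Files block of an OTL fix script from the live detections only."""
    live = triage(findings)["live"]
    return "\n".join([":Files", *live])


def trojan_detected(findings):
    """True when any line, wherever it sits, names a trojan (step 4: change passwords)."""
    return any(detection.endswith("trojan") for _path, detection in findings)


if __name__ == "__main__":
    found = parse_eset_log(SAMPLE_ESET_LOG)
    for bucket, paths in triage(found).items():
        print(f"{bucket}: {len(paths)}")
    print(otl_files_section(found))
    print("password change advised:", trojan_detected(found))
```

    Note that trojan_detected looks at every line, including quarantined and restore-point copies, because the advice in step 4 applies whenever a Trojan was listed at all, not only when it is still live.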
     
  15. 2011/04/10
    dudgorgon

    dudgorgon Inactive Thread Starter

    Joined:
    2011/04/01
    Messages:
    46
    Likes Received:
    0
    Much better...

    The system is back to normal. Thanks for all of your help.
     
  16. 2011/04/10
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Well done :)

    Good luck and stay safe :)
     
