Thread: Need Help uninstalling iLivid

  1. #21
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    157

    Hi Bruce C,

    Thank you for the update. I'll wait to hear from you.

    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  2. #22
    Member
    Join Date
    Dec 2011
    Posts
    30

    Anti-malware

    Hi Scolabar, I tried your inst. on my own but ran into a questionable site regarding Malwarebytes' Anti-Malware. When I thought I finally got to the free part they wanted my e-mail etc. so they could send me the dnld. Sounded fishy? So I stopped there. Thanks, Bruce

  3. #23
    Member
    Join Date
    Dec 2011
    Posts
    30

    Scan log; I found my way again

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2011.12.30.03

    Windows Vista Service Pack 2 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Bruce :: BRUCE-PC [administrator]

    12/30/2011 4:07:30 PM
    mbam-log-2011-12-30 (16-07-30).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 176117
    Time elapsed: 4 minute(s), 18 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (

  4. #24
    Member
    Join Date
    Dec 2011
    Posts
    30

    OTL scan Step 3

    OTL logfile created on: 12/30/2011 7:51:48 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bruce\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 48.11% Memory free
    4.11 Gb Paging File | 2.76 Gb Available in Paging File | 67.10% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.79 Gb Total Space | 109.66 Gb Free Space | 49.22% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

    Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/12/21 19:42:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
    PRC - [2011/11/15 06:40:23 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
    PRC - [2011/11/12 12:49:09 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
    PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
    PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
    PRC - [2010/01/27 08:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/18 23:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
    PRC - [2009/02/18 23:30:36 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\LBTWiz.exe
    PRC - [2009/02/18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
    PRC - [2009/02/18 23:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/11/19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    PRC - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe
    PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
    PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/10/14 14:51:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
    MOD - [2011/10/13 20:38:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
    MOD - [2011/10/13 20:38:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
    MOD - [2011/10/13 20:37:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
    MOD - [2011/10/13 20:37:27 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll
    MOD - [2011/10/13 20:37:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
    MOD - [2011/10/13 20:37:19 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
    MOD - [2011/10/13 20:36:54 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
    MOD - [2011/10/13 20:36:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
    MOD - [2011/10/13 20:36:25 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
    MOD - [2011/10/13 20:35:05 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
    MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/08/14 10:58:52 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
    MOD - [2010/04/11 08:17:08 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
    MOD - [2010/04/11 08:17:08 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
    MOD - [2010/04/11 08:17:07 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
    MOD - [2010/04/11 08:17:07 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
    MOD - [2010/04/11 08:17:07 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
    MOD - [2010/04/11 08:17:07 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
    MOD - [2010/04/11 08:17:07 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
    MOD - [2010/04/11 08:17:07 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
    MOD - [2010/04/11 08:17:06 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
    MOD - [2010/04/11 08:17:06 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
    MOD - [2010/04/11 08:17:06 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
    MOD - [2010/04/11 08:17:04 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
    MOD - [2010/04/11 08:17:03 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
    MOD - [2010/04/11 08:17:03 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
    MOD - [2010/04/11 08:17:02 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
    MOD - [2010/04/11 08:17:02 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
    MOD - [2010/04/11 08:17:02 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
    MOD - [2010/04/11 08:17:02 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
    MOD - [2010/04/11 08:17:01 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
    MOD - [2010/04/11 08:17:01 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
    MOD - [2010/04/11 08:17:01 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
    MOD - [2010/04/11 08:17:01 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
    MOD - [2010/04/11 08:17:01 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
    MOD - [2010/04/11 08:17:00 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
    MOD - [2010/04/11 08:17:00 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
    MOD - [2010/04/11 08:17:00 | 000,233,984 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
    MOD - [2010/04/11 08:17:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
    MOD - [2010/04/11 08:17:00 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
    MOD - [2010/04/11 08:16:59 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
    MOD - [2010/04/11 08:16:59 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
    MOD - [2010/04/11 08:16:58 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
    MOD - [2010/04/11 08:16:58 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
    MOD - [2010/04/11 08:16:58 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
    MOD - [2010/04/11 08:16:57 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
    SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
    SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
    SRV - [2009/02/18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/11/19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2008/02/25 15:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
    SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
    SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/12/03 08:35:04 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111230.002\NAVEX15.SYS -- (NAVEX15)
    DRV - [2011/12/03 08:35:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
    DRV - [2011/12/03 08:35:04 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111230.002\NAVENG.SYS -- (NAVENG)
    DRV - [2011/11/14 14:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
    DRV - [2011/11/09 05:53:45 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2011/10/15 14:18:40 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
    DRV - [2011/10/14 21:43:08 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111228.001\IDSvix86.sys -- (IDSVix86)
    DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
    DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
    DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
    DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
    DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
    DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
    DRV - [2008/12/18 22:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/12/18 22:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFVsp.sys -- (GzOFVsp)
    DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFMdm.sys -- (GzOFMdm)
    DRV - [2008/12/16 01:43:48 | 000,033,408 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFBus.sys -- (GzOFBus)
    DRV - [2007/05/01 07:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
    DRV - [2007/05/01 07:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
    DRV - [2007/03/05 03:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
    DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2006/12/20 14:31:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2006/12/07 23:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
    DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
    DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
    DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========



    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 82 A4 95 0C C4 CC 01 [binary data]
    IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/10/19 04:54:09 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2011/12/30 08:41:57 | 000,000,000 | ---D | M]


    O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O3 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
    O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
    O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
    O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
    O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..Trusted Ranges: GD ([http] in Local intranet)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{936F5662-F742-42F8-9394-D480B27297A0}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/12/30 15:41:14 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Malwarebytes
    [2011/12/30 15:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/12/30 15:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/12/30 15:40:59 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/12/30 15:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/12/26 15:08:45 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/12/21 19:42:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
    [2011/12/16 07:57:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2011/12/16 07:57:35 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
    [2011/12/16 07:57:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
    [2011/12/16 07:57:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2011/12/16 07:57:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2011/12/16 07:57:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2011/12/15 19:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2011/12/15 19:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2011/12/15 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2011/12/15 10:30:19 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2011/12/15 10:30:18 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2011/12/15 10:30:15 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2011/12/15 10:30:13 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
    [2011/12/15 10:30:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
    [2011/12/15 10:30:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
    [2011/12/12 21:07:39 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder (3)
    [2011/12/06 18:28:27 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder
    [2008/09/06 13:06:55 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
    [2008/09/06 13:06:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
    [2008/09/06 13:06:46 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
    [2008/09/06 13:06:44 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
    [2008/09/06 13:06:43 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
    [2008/09/06 13:06:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
    [2008/09/06 13:06:41 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
    [2008/09/06 13:06:40 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
    [2008/09/06 13:06:37 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldtih.exe
    [2008/09/06 13:06:36 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
    [2008/09/06 13:06:32 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldtcoms.exe
    [2008/09/06 13:06:31 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
    [2008/09/06 13:06:31 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
    [2008/09/06 13:06:29 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldtcfg.exe
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/12/30 18:41:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/12/30 18:41:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/12/30 18:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/12/30 16:40:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/12/30 15:41:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/30 15:08:51 | 000,074,657 | ---- | M] () -- C:\Users\Bruce\Desktop\#3.htm
    [2011/12/30 14:59:31 | 000,008,871 | ---- | M] () -- C:\Users\Bruce\Desktop\downloadget.htm
    [2011/12/30 14:56:28 | 000,037,251 | ---- | M] () -- C:\Users\Bruce\Desktop\downloadav-ppc_1.htm
    [2011/12/30 14:43:28 | 000,074,657 | ---- | M] () -- C:\Users\Bruce\Desktop\download malwareebytes'anti malware.htm
    [2011/12/30 14:41:35 | 000,074,616 | ---- | M] () -- C:\Users\Bruce\Desktop\download.htm
    [2011/12/30 14:00:10 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
    [2011/12/30 08:48:03 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/12/30 08:48:03 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/12/30 08:41:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/12/29 21:25:33 | 000,002,714 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2011/12/27 20:40:22 | 000,139,264 | ---- | M] () -- C:\Users\Bruce\Desktop\SystemLook.exe
    [2011/12/27 20:19:23 | 000,313,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2011/12/25 22:17:03 | 024,664,064 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
    [2011/12/21 20:05:32 | 000,879,683 | ---- | M] () -- C:\Users\Bruce\Desktop\SecurityCheck.exe
    [2011/12/21 19:42:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
    [2011/12/20 22:45:23 | 047,326,208 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
    [2011/12/15 19:04:55 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/12/09 22:08:06 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Bruce.job
    [2011/12/05 18:38:18 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2011/12/02 08:34:49 | 000,000,000 | ---- | M] () -- C:\Users\Bruce\Documents\ATT00682.jpg
    [2011/12/01 15:10:45 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
    [2011/12/01 15:10:45 | 000,001,854 | ---- | M] () -- C:\Users\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
    [2011/12/01 15:10:01 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/12/30 15:41:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2011/12/30 15:08:51 | 000,074,657 | ---- | C] () -- C:\Users\Bruce\Desktop\#3.htm
    [2011/12/30 14:59:31 | 000,008,871 | ---- | C] () -- C:\Users\Bruce\Desktop\downloadget.htm
    [2011/12/30 14:56:28 | 000,037,251 | ---- | C] () -- C:\Users\Bruce\Desktop\downloadav-ppc_1.htm
    [2011/12/30 14:43:28 | 000,074,657 | ---- | C] () -- C:\Users\Bruce\Desktop\download malwareebytes'anti malware.htm
    [2011/12/30 14:41:34 | 000,074,616 | ---- | C] () -- C:\Users\Bruce\Desktop\download.htm
    [2011/12/27 20:40:22 | 000,139,264 | ---- | C] () -- C:\Users\Bruce\Desktop\SystemLook.exe
    [2011/12/21 20:05:32 | 000,879,683 | ---- | C] () -- C:\Users\Bruce\Desktop\SecurityCheck.exe
    [2011/12/15 19:04:54 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2011/12/02 08:34:48 | 000,000,000 | ---- | C] () -- C:\Users\Bruce\Documents\ATT00682.jpg
    [2011/05/18 16:59:52 | 000,001,940 | ---- | C] () -- C:\Users\Bruce\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
    [2009/09/16 18:25:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/16 18:25:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
    [2008/11/17 17:34:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2008/09/06 13:08:36 | 000,017,648 | ---- | C] () -- C:\Windows\System32\dldtwupd.exe
    [2008/09/06 13:08:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
    [2008/09/06 13:07:02 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
    [2008/09/06 13:06:45 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
    [2008/09/06 13:06:39 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
    [2008/09/06 13:06:39 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
    [2008/09/06 13:06:38 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
    [2008/09/06 13:06:38 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
    [2008/09/06 13:06:35 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
    [2008/09/06 13:06:33 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
    [2008/09/06 13:06:33 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
    [2008/09/06 13:06:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
    [2008/02/21 19:41:24 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
    [2008/02/19 21:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
    [2008/01/22 01:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldtcfg.dll
    [2007/12/12 20:32:40 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
    [2007/11/13 18:13:10 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
    [2007/10/13 08:29:19 | 000,033,792 | ---- | C] () -- C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/10/13 08:21:35 | 000,002,714 | ---- | C] () -- C:\Windows\bthservsdp.dat
    [2007/04/28 13:41:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
    [2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
    [2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
    [2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 07:47:37 | 000,313,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
    [2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

    ========== LOP Check ==========

    [2008/03/30 13:01:26 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Leadertech
    [2010/12/10 19:35:37 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\PCDr
    [2009/01/29 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Skinux
    [2010/08/15 07:12:49 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Tific
    [2011/01/05 20:20:57 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Uniblue
    [2011/12/05 18:38:18 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2011/12/29 21:25:32 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2011/12/30 14:00:10 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
    [2010/09/03 20:24:56 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40FFB3E6-5C62-43BA-803E-82D3168ED07A}.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 804 bytes -> C:\Users\Bruce\Documents\Fwd_ [Fwd_ FW_ S.Y.B.S.T.D.].eml:OECustomProperty

    < End of report >

    OTL Extras logfile created on: 12/30/2011 7:51:48 PM - Run 2
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bruce\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.94 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 48.11% Memory free
    4.11 Gb Paging File | 2.76 Gb Available in Paging File | 67.10% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 222.79 Gb Total Space | 109.66 Gb Free Space | 49.22% Space Free | Partition Type: NTFS
    Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

    Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 1
    "InternetSettingsDisableNotify" = 1
    "AutoUpdateDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{01C71FE6-FD48-485C-AF13-3808DC87F217}" = rport=138 | protocol=17 | dir=out | app=system |
    "{0614EFC1-D649-4348-9388-4DDE71007316}" = rport=139 | protocol=6 | dir=out | app=system |
    "{143FB136-D8E0-4AA0-B5A9-8C8D8064AABD}" = lport=137 | protocol=17 | dir=in | app=system |
    "{41937103-B807-4395-82F0-5DF463440BDE}" = rport=137 | protocol=17 | dir=out | app=system |
    "{4B351C59-02A7-4868-81B3-0AEB069AB52A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{63D50AA6-4DCA-4A6B-B677-8088ED6F04BF}" = lport=445 | protocol=6 | dir=in | app=system |
    "{6AE72094-FDDC-4ACD-BE11-0B837B2B8841}" = lport=138 | protocol=17 | dir=in | app=system |
    "{7CC836D6-6F69-43B3-B802-11CFD279CB06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{87829809-6925-44EC-B0F4-9FD38BD5424C}" = rport=445 | protocol=6 | dir=out | app=system |
    "{AAAA0641-7FD8-4D52-83A0-F02BE7821F5C}" = lport=139 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{011558CB-9AD7-43BA-9799-60F9CC69854D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{078680B7-2530-4CDC-A0F3-6259239A5BE1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{0C01E7FA-7331-4A63-81A7-22B4F6980655}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe |
    "{1890D10E-D950-4AB2-8144-2ABBBB54D52A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{34980A69-2428-46A5-AAB5-3EA8BA49BF92}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{3A4F0DC8-415B-48D7-BAD8-612A8EFD67BA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{3C2F3189-ACE2-4514-AC48-BA372DCA9BBD}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
    "{548FE892-E2C1-4734-9622-CDC154D8950A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe |
    "{56D766BF-352A-4538-A6ED-210C372318B2}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{5AF716DF-7D29-476C-9B19-47C1AC2E9A23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{680F9F34-4315-4B4B-9BC5-DD706129F1ED}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
    "{6E3C1CE7-99DA-4F6C-A4D1-81B6581ADABD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{84C0CD36-566D-4FBA-8BC7-8CFD02AD49A1}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe |
    "{936A5380-2522-4AB3-AF91-F5B127DC6F4F}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
    "{A2BA0F5E-0619-47FF-874A-AD28EE49D254}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{A764267E-DFFB-4736-A41F-2A30D2444975}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
    "{A8A24D1E-68FC-4065-8C3E-A22C7F14B4A9}" = protocol=6 | dir=in | app=c:\program files\dell v305\frun.exe |
    "{B9AEF5AB-16EA-447E-BC82-78B3832C8520}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
    "{BAAE4544-A02D-42C3-8D4E-05CF6655B595}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
    "{C3C84773-D758-480E-A42B-40A86D8CD75A}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
    "{C4B812CF-49A9-4FC5-A0D8-7D71AD891495}" = protocol=17 | dir=in | app=c:\program files\dell v305\frun.exe |
    "{D295D8C1-4942-4798-9DEC-3BC89FD808D2}" = dir=in | app=c:\program files\itunes\itunes.exe |
    "{D58EA2EE-3ABF-4C74-9B1E-63F73876DEF3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{EFFEC8CA-527A-4187-A197-0EA5FA88C14D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe |
    "{F061D39C-4EA5-4406-A2CB-F89E392DC400}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{F4ACB043-CE5C-4E51-8754-58F695A6084D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
    "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
    "{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
    "{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
    "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
    "{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
    "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
    "{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
    "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
    "{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}" = CASIO USB Driver V1.0.8003.1229
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
    "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
    "Boxster Models" = Boxster Models 1.0
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
    "Dell Support Center" = Dell Support Center
    "Dell V305" = Dell V305
    "Google Desktop" = Google Desktop
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ieSpell" = ieSpell
    "InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "N360" = Norton Security Suite
    "NVIDIA Drivers" = NVIDIA Drivers

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/27/2011 3:26:06 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1008
    Description =

    Error - 12/29/2011 9:16:21 AM | Computer Name = Bruce-PC | Source = Application Error | ID = 1000
    Description = Faulting application AppleSyncNotifier.exe, version 1.6.77.0, time
    stamp 0x4e8d6886, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
    exception code 0xc0000005, fault offset 0x6f5953a0, process id 0xf40, application
    start time 0x01ccc62c0bee1897.

    Error - 12/29/2011 3:00:05 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1010
    Description =

    Error - 12/29/2011 3:00:06 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1008
    Description =

    Error - 12/30/2011 3:00:05 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1010
    Description =

    Error - 12/30/2011 3:00:07 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1008
    Description =

    Error - 12/30/2011 8:33:30 PM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Received from 169.254.163.251:5353 4 Bruce-PC.local.
    Addr 169.254.163.251

    Error - 12/30/2011 8:33:30 PM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Resetting to Probing: 4 Bruce-PC.local.
    Addr 192.168.1.2

    Error - 12/30/2011 8:33:30 PM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Received from 169.254.163.251:5353 4 Bruce-PC.local.
    Addr 169.254.163.251

    Error - 12/30/2011 8:33:30 PM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
    Description = mDNSCoreReceiveResponse: Resetting to Probing: 16 Bruce-PC.local.
    AAAA FE80:0000:0000:0000:8414:AF42:0FF4:0B33

    [ Dell Events ]
    Error - 12/11/2010 8:29:21 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 12/11/2010 8:29:21 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 12/11/2010 8:37:42 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 12/11/2010 8:37:42 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 1/9/2011 9:44:01 PM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 1/9/2011 9:44:01 PM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 7/14/2011 9:18:25 PM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ Media Center Events ]
    Error - 12/16/2007 6:54:04 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 12/16/2007 8:41:56 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 5/24/2008 6:49:07 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 5/29/2008 7:09:17 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/1/2008 6:51:43 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/4/2008 6:34:19 AM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/8/2008 2:18:22 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 6/8/2008 9:16:15 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

    Error - 7/22/2008 5:49:06 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    Error - 1/17/2009 6:35:28 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

    [ System Events ]
    Error - 12/29/2011 9:14:08 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/29/2011 9:14:48 AM | Computer Name = Bruce-PC | Source = DCOM | ID = 10010
    Description =

    Error - 12/29/2011 9:16:40 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 12/29/2011 9:17:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
    Description =

    Error - 12/29/2011 9:17:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 12/29/2011 9:17:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/30/2011 9:43:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7009
    Description =

    Error - 12/30/2011 9:43:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/30/2011 9:43:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/30/2011 9:43:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
    Description =


    < End of report >

  5. #25
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default Step 4 Systemlook

    SystemLook 30.07.11 by jpshortstuff
    Log created at 20:19 on 30/12/2011 by Bruce
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "12*2011_*.log"
    C:\_OTL\MovedFiles\12262011_150845.log --a---- 87008 bytes [20:18 26/12/2011] [20:24 26/12/2011] A099FF46D1C2A4F42CC9AB9E5908681A
    C:\_OTL\MovedFiles\12272011_185541.log --a---- 25374 bytes [23:58 27/12/2011] [01:21 28/12/2011] 4AEBB579D988F7CC61C2B89521D0D627

    -= EOF =

  6. #26
    Member
    Join Date
    Dec 2011
    Posts
    30

    Thumbs up Step 5

    No problems, I don't think.
    Steps 2, 3, 4, 5 ok.
    The computer runs well. But during this my home page switched from Comcast to MSN on its own. Thank you for all of your patience and help, Bruce

  7. #27
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    157

    Default

    Hi Bruce C,

    Thank you for the logs and update.
    Thank you also for letting me know about your experience downloading MalwareBytes' AntiMalware. I will look into that.

    Quote Originally Posted by Bruce C
    The computer runs well. But during this my home page switched from Comcast to MSN on its own.
    You can reset your default home page by following the instructions provided Here.

    Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
    If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

    Before we proceed please make sure any open programs are closed.

    Step 1:
    Create System Restore Point

    We will be making changes to the Registry again. Please create another System Restore Point following the instructions as provided previously before continuing any further.

    Step 2:
    Java Runtime Environment Update Needed!

    Your existing installation of the Java Runtime Environment is out of date.
    Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

    1. Please download the latest installer from HERE
    2. Locate the Java SE 7u2 section.
    3. Click on the Download JRE button to the right.
    4. Select the Accept License Agreement option to accept the Oracle Binary Code License Agreement for Java SE in order to download the software.
    5. Locate the entry for Windows x86 Offline, click on the file named jre-7u2-windows-i586.exe and Save it to your Desktop.
    6. Close all active windows.
    7. Select Start > Control Panel > Programs > Programs and Features.
    8. Uninstall the following old version of the Java Runtime Environment:
      • Java(TM) SE Runtime Environment 6
    9. When the removal has been completed close the Programs and Features window along with any others remaining open.
    10. Right-click on jre-7u2-windows-i586.exe and select the Run As Administrator option to run the installer. If you receive a UAC prompt, please allow it.
    11. Then follow the on-screen instructions to complete the installation.
      • IMPORTANT NOTE: If offered at any stage during the installation, make sure the option to install the Ask Toolbar is UNCHECKED.

    Step 3:
    OTL - Script

    Next we need to run another OTL script.

    **IMPORTANT** Please temporarily disable your Norton 360 Realtime Protection again. If active, it could impact the fix.

    1. Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    2. Copy and Paste the following code into the textbox. Do not include the word Code.
      Code:
      :otl
      FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
      O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
      O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
      O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
      [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      [3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
      
      :files
      C:\Users\Bruce\AppData\Roaming\Uniblue
      ipconfig /flushdns /c
      
      :commands
      [emptytemp]
    3. Then click the Run Fix button at the top.
    4. Click .
    5. OTL should ask to reboot the machine. Please do so if asked.
    6. The report should appear in Notepad after the reboot.
    7. Please Copy and Paste the contents of that report into your next reply.

    Step 4:
    ESET Online Scanner

    Please Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted. Then right-click on it and select the Run As Administrator option to run the installer.
    Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan. Refer to This Howto Topic, if necessary.
    1. Right-click on your Internet Explorer or Firefox desktop icon and select the Run As Administrator option to launch the program.
    2. Then please go to ESET Online Scanner - © ESET (All Rights Reserved) to run an online scan.
      ** Make sure you are using an account that has Administrative privileges **
    3. Click on the ESET Online Scanner button.
    4. Check the box next to "YES, I accept the Terms of Use."
    5. Click Start.
      A window will open. It may appear nothing is happening, but please be patient.
    6. Click Yes to the run ActiveX prompt.
    7. Click Install at the install ActiveX prompt.
      Once installed, the scanner will be initialized.
    8. Click on the Start button.
      Make sure that the options:
      • Remove found threats is UNCHECKED
      • Leave the "default" settings under Advanced as they are. If not set, please check:
        • Scan for potentially unwanted applications
        • Scan for potentially unsafe applications
        • Enable Anti-Stealth Technology
    9. Click on the Start button.
      ESET scanner will begin to download the virus signatures database. When the signatures have been downloaded, the scan will start automatically.
    10. Wait for the scan to finish. It may take a while but, again, please be patient. When the scan is finished:
    11. Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
    12. Copy and Paste the entire contents of log.txt into your next reply.

    Remember to re-enable your Anti-virus protection before continuing!

    Step 5:
    SystemLook

    1. Right-click on SystemLook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
    2. Copy and Paste the text in the code box below into SystemLook's main text entry window:
      Code:
      :contents
      C:\_OTL\MovedFiles\12272011_185541.log
    3. Click on the Look button to start the scan.
      Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
    4. When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
      A log file will be created on your Desktop named SystemLook.txt.
    5. Please post the contents of the SystemLook.txt file in your next reply.

    Step 6:
    Include in Next Post

    1. Did you have any problems carrying out the instructions?
    2. OTL Script log results.
    3. ESET log results.
    4. SystemLook.txt.


    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Malware Removal University - You too could train to help others

  8. #28
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default Step 6 Include in next post

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
    File c:\Program Files\Java\jre1.6.0\bin\ssv.dll not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bluetooth Connection Assistant deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
    File c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll not found.
    C:\ProgramData\SPLA24A.tmp deleted successfully.
    C:\ProgramData\SPLBC05.tmp deleted successfully.
    C:\ProgramData\SPLBD01.tmp deleted successfully.
    ========== FILES ==========
    C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
    C:\Users\Bruce\AppData\Roaming\Uniblue folder moved successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Users\Bruce\Desktop\cmd.bat deleted successfully.
    C:\Users\Bruce\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bruce
    ->Temp folder emptied: 582909 bytes
    ->Temporary Internet Files folder emptied: 255799268 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 1658 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 450 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 180173 bytes

    Total Files Cleaned = 245.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 01012012_211833

    Files\Folders moved on Reboot...
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA484.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA48E.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA4E2.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA4ED.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA523.tmp not found!
    File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA52D.tmp not found!
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJI2829Q\showthread[1].htm moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

    Registry entries deleted on Reboot...
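
As an added example (not part of the thread and not part of OTL), this short Python script tallies the outcomes reported in an OTL fix log like the one posted above and shows, per CLSID, whether any entry was actually removed or everything was already absent. The line patterns are inferred only from the log lines visible in this thread, and the function names are this example's own.

```python
import re
from collections import Counter

# Excerpt copied from the fix log posted above; nothing here is constructed.
SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
File c:\Program Files\Java\jre1.6.0\bin\ssv.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bluetooth Connection Assistant deleted successfully.
C:\ProgramData\SPLA24A.tmp deleted successfully.
========== FILES ==========
C:\Users\Bruce\AppData\Roaming\Uniblue folder moved successfully.
Files\Folders moved on Reboot...
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA484.tmp not found!
"""

# Optional object type, then the target, then the outcome phrase OTL printed.
LINE_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File\\Folder|File) )?"
    r"(?P<target>.+?)"
    r"(?: folder)? (?P<outcome>deleted successfully|moved successfully|not found)[.!]$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_fix_log(text):
    """Return one record per line that reports an outcome; other lines are skipped."""
    records = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            # Lines with no type prefix are bare file or folder paths.
            records.append({"kind": m["kind"] or "path",
                            "target": m["target"],
                            "outcome": m["outcome"]})
    return records


def summarize(records):
    """Count how many log lines ended in each outcome."""
    return Counter(rec["outcome"] for rec in records)


def guid_status(records):
    """Map each CLSID to 'removed' if any of its entries was deleted or moved,
    else 'already absent' (every lookup for it reported 'not found')."""
    status = {}
    for rec in records:
        for guid in GUID_RE.findall(rec["target"]):
            guid = guid.upper()  # the log mixes upper and lower case hex
            changed = rec["outcome"] != "not found"
            if changed or status.get(guid) == "removed":
                status[guid] = "removed"
            else:
                status[guid] = "already absent"
    return status


if __name__ == "__main__":
    recs = parse_fix_log(SAMPLE_LOG)
    for outcome, count in summarize(recs).most_common():
        print(f"{count:3d}  {outcome}")
    for guid, state in guid_status(recs).items():
        print(f"{guid}  {state}")
```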

  9. #29
    Member
    Join Date
    Dec 2011
    Posts
    30

    Default Step 3 OTL Script-Sorry for the confusion on previous reply

    Correction: last post was labeled Step 6- It was actually step 3 OTL Script


  10. #30
    Emeritus- Malware Team
    Join Date
    Aug 2011
    Posts
    157

    Default

    Hi Bruce C,

    Please can you also post the ESET and SystemLook logs as requested in my last post.

    ESET log results.
    SystemLook.txt.

    Scolabar
    --------------------------------------------------------------------------
    No Reply Within 3 Days Will Result In Your Topic Being Closed
    Last edited by Scolabar; 2012-01-02 at 09:57.
    Malware Removal University - You too could train to help others
