Browser redirects, clicksor ads on many pages, etc.



kore321
2010-10-03, 07:43
Hi all,

I am in need of some help here. I have a bunch of redirects when accessing some websites.

I ran SB S&D with nothing ...
Ran Superantispyware and it deleted a bunch of cookies..

Thanks for the great help in advance...

Here is the dds file log: Changed personal stuff to ++++++++

DDS (Ver_10-03-17.01) - NTFSX64
Run by +++++++++ at 0:17:44.02 on Sun 10/03/2010
Internet Explorer: 8.0.6001.18943 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.4054.1446 [GMT -4:00]

SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Windows\system32\dldocoms.exe
c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\twain_32\Dell\MFP1125\Monitor\Stsmon.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Windows\System32\mobsync.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\MTNCONNER\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
mLocal Page = c:\windows\syswow64\blank.htm
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files (x86)\zonealarm_security\tbZone.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files (x86)\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files (x86)\zonealarm_security\tbZone.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files (x86)\zonealarm_security\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\wow64\trustchecker\bin\TrustCheckerIEPlugin.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SightSpeed] "c:\program files (x86)\dell video chat\DellVideoChat.exe" -bootmode
uRun: [msnmsgr] "c:\program files (x86)\windows live\messenger\msnmsgr.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Dell DataSafe Online] "c:\program files (x86)\dell datasafe online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "c:\program files (x86)\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [McAfeeUpdaterUI] "c:\program files (x86)\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
mRun: [AVG9_TRAY] c:\progra~2\avg\avg9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Adobe Acrobat Speed Launcher] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files (x86)\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files (x86)\common files\real\update_ob\realsched.exe" -osboot
mRun: [SSBkgdUpdate] "c:\program files (x86)\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files (x86)\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files (x86)\scansoft\paperport\IndexSearch.exe"
mRun: [MFPMonitor] c:\windows\twain_32\dell\mfp1125\monitor\Stsmon.exe
mRun: [ZoneAlarm Client] "c:\program files (x86)\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\users\mtncon~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\dellre~1.lnk - c:\windows\installer\{f66a31d9-7831-4fba-ba02-c411c0047cc5}\NewShortcut4_F66A31D978314FBABA02C411C0047CC5.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files (x86)\pixela\mediabrowser le\MBCameraMonitor.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\softwa~1.lnk - c:\program files (x86)\common files\cloanto\software director\softdir.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
Trusted Zone: majesticservice.com\www
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {644D8000-3033-A583-AD61-00403333EC93} - hxxp://www.majesticservice.com/metadraw/MDraw30.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} - hxxps://www.majesticservice.com/imageUploader/ImageUploader3.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E7A7C5E3-44D2-43CC-8D84-463BDE93E871} - hxxps://www.majesticservice.com/axEditorSuite.CAB
DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} - hxxps://www.majesticservice.com/XUpload/XUpload.ocx
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files (x86)\avg\avg9\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files (x86)\avg\avg9\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun-x64: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray64.exe
mRun-x64: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun-x64: [Persistence] c:\windows\system32\igfxpers.exe
mRun-x64: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun-x64: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun-x64: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
AppInit_DLLs-X64: avgrssta.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\++++++\appdata\roaming\mozilla\firefox\profiles\otjmh0ud.default\
FF - component: c:\program files (x86)\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\+++++++\appdata\roaming\mozilla\firefox\profiles\otjmh0ud.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\FFExternalAlert.dll
FF - component: c:\users\+++++++\appdata\roaming\mozilla\firefox\profiles\otjmh0ud.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\components\RadioWMPCore.dll
FF - plugin: c:\program files (x86)\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files (x86)\microsoft\office live\npOLW.dll
FF - plugin: c:\program files (x86)\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files (x86)\nos\bin\np_gp.dll
FF - plugin: c:\program files (x86)\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files (x86)\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-30 69152]
R0 PxHlpa64;PxHlpa64;c:\windows\system32\drivers\PxHlpa64.sys [2009-7-8 53488]
R1 AvgLdx64;AVG Free AVI Loader Driver x64;c:\windows\system32\drivers\avgldx64.sys [2009-12-13 269904]
R1 AvgMfx64;AVG Free On-access Scanner Minifilter Driver x64;c:\windows\system32\drivers\avgmfx64.sys [2009-12-13 35536]
R1 AvgTdiA;AVG Free Network Redirector x64;c:\windows\system32\drivers\avgtdia.sys [2009-12-13 317520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt64.inf_15f4e438\AESTSr64.exe [2009-7-8 89600]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 27648]
R2 avg9wd;AVG Free WatchDog;c:\program files (x86)\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 dldo_device;dldo_device;c:\windows\system32\dldocoms.exe -service --> c:\windows\system32\dldocoms.exe -service [?]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-9-2 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-9-2 823288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-8-12 1356952]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-10-2 1153368]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-7-8 160704]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-7-8 126464]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\k57nd60a.sys [2009-7-8 252928]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\lavasoft\ad-aware\kernexplorer64.sys [2010-8-12 16928]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\drivers\NETw5v64.sys [2009-7-8 4735488]
R3 OA008Ufd;Creative Camera OA008 Upper Filter Driver;c:\windows\system32\drivers\OA008Ufd.sys [2009-7-8 158592]
R3 OA008Vid;Creative Camera OA008 Function Driver;c:\windows\system32\drivers\OA008Vid.sys [2009-7-8 310784]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 McAfeeFramework;McAfee Framework Service;c:\program files (x86)\mcafee\common framework\FrameworkService.exe [2009-9-21 104000]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-7-8 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-7-8 49480]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework64\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 22528]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2009-4-24 93184]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-10-03 00:23:49 0 d-----w- c:\users\+++++++\appdata\roaming\CheckPoint
2010-10-03 00:23:01 0 d-----w- c:\program files (x86)\Conduit
2010-10-03 00:23:00 0 d-----w- c:\program files (x86)\ZoneAlarm_Security
2010-10-03 00:22:44 0 d-----w- c:\program files\CheckPoint
2010-10-03 00:22:33 58368 ----a-w- c:\windows\syswow64\vsregexp.dll
2010-10-03 00:20:33 69120 ----a-w- c:\windows\syswow64\zlcomm.dll
2010-10-03 00:20:33 103936 ----a-w- c:\windows\syswow64\zlcommdb.dll
2010-10-03 00:20:28 43008 ----a-w- c:\windows\syswow64\vswmi.dll
2010-10-03 00:20:26 302592 ----a-w- c:\windows\syswow64\vspubapi.dll
2010-10-03 00:20:26 1238528 ----a-w- c:\windows\syswow64\zpeng25.dll
2010-10-03 00:20:26 110080 ----a-w- c:\windows\syswow64\vsxml.dll
2010-10-03 00:20:26 108032 ----a-w- c:\windows\syswow64\vsmonapi.dll
2010-10-03 00:20:26 0 d-----w- c:\windows\syswow64\ZoneLabs
2010-10-03 00:20:25 420800 ----a-w- c:\windows\system32\drivers\vsconfig.xml
2010-10-03 00:20:25 112128 ----a-w- c:\windows\syswow64\vsdata.dll
2010-10-03 00:20:02 714240 ----a-w- c:\windows\syswow64\vsutil.dll
2010-10-03 00:20:02 228352 ----a-w- c:\windows\syswow64\vsinit.dll
2010-10-03 00:15:26 453720 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2010-10-02 23:58:08 0 d-sh--w- C:\found.000
2010-10-02 16:46:55 224 ----a-w- c:\users\mtncon~1\appdata\roaming\wklnhst.dat
2010-10-02 16:09:11 0 d-----w- c:\users\mtncon~1\appdata\roaming\SUPERAntiSpyware.com
2010-10-02 16:09:11 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-10-02 16:09:05 0 d-----w- c:\windows\system32\AppLogs
2010-10-02 16:09:03 0 d-----w- c:\programdata\!SASCORE
2010-10-02 16:08:59 0 d-----w- c:\program files\SUPERAntiSpyware
2010-09-30 04:03:15 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-30 03:59:58 0 dc-h--w- c:\programdata\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-30 03:57:57 0 d-----w- c:\programdata\Lavasoft
2010-09-30 03:57:57 0 d-----w- c:\program files (x86)\Lavasoft
2010-09-29 21:34:52 2048 ----a-w- c:\windows\syswow64\tzres.dll
2010-09-29 21:34:52 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-29 12:31:30 524288 --sha-w- c:\users\+++++++\ntuser.dat{f6626f1e-cbc2-11df-967d-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
2010-09-29 12:31:29 65536 --sha-w- c:\users\+++++++\ntuser.dat{f6626f1e-cbc2-11df-967d-002219f8152f}.TM.blf
2010-09-29 12:31:29 524288 --sha-w- c:\users\+++++++\ntuser.dat{f6626f1e-cbc2-11df-967d-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
2010-09-28 22:54:17 65536 --sha-w- c:\users\+++++++\ntuser.dat{17bbe00d-ca87-11df-b885-002219f8152f}.TM.blf
2010-09-28 22:54:17 524288 --sha-w- c:\users\+++++++\ntuser.dat{17bbe00d-ca87-11df-b885-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
2010-09-28 22:54:17 524288 --sha-w- c:\users\+++++++\ntuser.dat{17bbe00d-ca87-11df-b885-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
2010-09-27 22:33:57 65536 --sha-w- c:\users\+++++++\ntuser.dat{742e174d-c9fe-11df-8b69-002219f8152f}.TM.blf
2010-09-27 22:33:57 524288 --sha-w- c:\users\+++++++\ntuser.dat{742e174d-c9fe-11df-8b69-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
2010-09-27 22:33:57 524288 --sha-w- c:\users\+++++++\ntuser.dat{742e174d-c9fe-11df-8b69-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
2010-09-27 21:43:16 0 d-----w- c:\program files (x86)\Trend Micro
2010-09-27 20:56:39 0 d-----w- c:\programdata\NOS
2010-09-27 06:35:13 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-27 06:35:13 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-09-25 20:39:21 0 d-----w- c:\program files\dl_Cats
2010-09-20 01:51:46 65536 --sha-w- c:\users\+++++++\ntuser.dat{fb50ee9c-c457-11df-afe6-002219f8152f}.TM.blf
2010-09-20 01:51:46 524288 --sha-w- c:\users\+++++++\ntuser.dat{fb50ee9c-c457-11df-afe6-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
2010-09-20 01:51:46 524288 --sha-w- c:\users\+++++++\ntuser.dat{fb50ee9c-c457-11df-afe6-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
2010-09-17 07:01:18 0 d-----w- c:\windows\CheckSur
2010-09-14 22:42:14 317952 ----a-w- c:\windows\syswow64\MP4SDECD.DLL
2010-09-14 22:42:13 295424 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-14 22:42:01 267776 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 22:41:41 975360 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 22:41:41 738816 ----a-w- c:\windows\syswow64\inetcomm.dll
2010-09-14 22:41:31 501760 ----a-w- c:\windows\syswow64\usp10.dll
2010-09-14 22:41:29 622080 ----a-w- c:\windows\system32\usp10.dll
2010-09-14 22:08:37 65536 --sha-w- c:\users\+++++++\ntuser.dat{526edc87-c047-11df-baf1-002219f8152f}.TM.blf
2010-09-14 22:08:37 524288 --sha-w- c:\users\+++++++\ntuser.dat{526edc87-c047-11df-baf1-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
2010-09-14 22:08:37 524288 --sha-w- c:\users\+++++++\ntuser.dat{526edc87-c047-11df-baf1-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
2010-09-14 10:37:01 65536 --sha-w- c:\users\+++++++\ntuser.dat{a18ae6e3-bfe9-11df-8bd7-002219f8152f}.TM.blf
2010-09-14 10:37:01 524288 --sha-w- c:\users\+++++++\ntuser.dat{a18ae6e3-bfe9-11df-8bd7-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
2010-09-14 10:37:01 524288 --sha-w- c:\users\+++++++\ntuser.dat{a18ae6e3-bfe9-11df-8bd7-002219f8152f}.TMContainer00000000000000000001.regtrans-ms

==================== Find3M ====================

2010-10-03 00:20:23 51200 ----a-w- c:\windows\inf\infpub.dat
2010-10-03 00:20:23 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-10-03 00:16:14 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-26 16:55:26 11581440 ----a-w- c:\windows\syswow64\shell32.dll
2010-07-17 09:00:12 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-17 09:00:12 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-17 09:00:10 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-17 09:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-16 20:09:18 13048 ----a-w- c:\windows\system32\avgrssta.dll
2009-07-08 12:38:21 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:14 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:14 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:32 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:32 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-07-08 10:27:00 75 --sh--r- c:\windows\CT4CET.bin
2010-06-28 17:42:27 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-06-28 17:42:27 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-06-28 17:42:27 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-12-26 08:43:22 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-12-12 22:21:04 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\history\low\history.ie5\index.dat
2009-12-12 22:21:04 32768 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\low\content.ie5\index.dat
2009-12-12 22:21:04 16384 --sha-w- c:\windows\syswow64\config\systemprofile\appdata\roaming\microsoft\windows\cookies\low\index.dat
2009-07-08 12:38:21 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 0:18:08.34 ===============

Blade81
2010-10-06, 11:09
Hi,

Does the issue occur with all browsers?


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Copy-paste the following contents into the custom scan area:
netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

kore321
2010-10-06, 13:27
Thanks Blade81 for taking the time to look at my problem.
The answer to your question is "YES". I get the problem on all browsers (IE and FF).

Here is the OTL log.
OTL logfile created on: 10/6/2010 6:16:03 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\MTNCONNER\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 39.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 137.26 Gb Free Space | 62.91% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.18 Gb Free Space | 49.02% Space Free | Partition Type: NTFS
Drive E: | 494.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER
Current User Name: MTNCONNER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\MTNCONNER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Cloanto\Software Director\softdir.exe (Cloanto Corporation)
PRC - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\twain_32\Dell\MFP1125\Monitor\Stsmon.exe (Dell Corporation.)
PRC - c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\MTNCONNER\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CheckPoint\ZAForceField\WOW64\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\Windows\SysWOW64\vbscript.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wintrust.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\fastprox.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\wbemdisp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntdsapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\dnsapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\sxs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\imagehlp.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbemcomn.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\wmiutils.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\wbemsvc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\wbem\wbemprox.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\normaliz.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe ()
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe ()
SRV:64bit: - (DockLoginService) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll ()
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (dldo_device) -- C:\Windows\SysNative\dldocoms.exe ()
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Akamai) -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_062a651.dll ()
SRV - (vsmon) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (avg9wd) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (hnmsvc) -- c:\Program Files (x86)\Common Files\Dell\Advanced Networking Service\hnm_svc.exe (Dell Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (McAfeeFramework) -- C:\Program Files (x86)\McAfee\Common Framework\FrameworkService.exe (McAfee, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (vsdatant7) -- C:\Windows\SysNative\drivers\vsdatant.win7.sys File not found
DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found
DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found
DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
DRV:64bit: - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\DRIVERS\Lbd.sys ()
DRV:64bit: - (AvgTdiA) -- C:\Windows\SysNative\Drivers\avgtdia.sys ()
DRV:64bit: - (AvgLdx64) -- C:\Windows\SysNative\Drivers\avgldx64.sys ()
DRV:64bit: - (AvgMfx64) -- C:\Windows\SysNative\Drivers\avgmfx64.sys ()
DRV:64bit: - (vsdatant) -- C:\Windows\SysNative\DRIVERS\vsdatant.sys ()
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys ()
DRV:64bit: - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\Windows\SysNative\DRIVERS\sscdserd.sys ()
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\DRIVERS\sscdbus.sys ()
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys ()
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (mfesmfk) -- C:\Windows\SysNative\drivers\mfesmfk.sys ()
DRV:64bit: - (mferkdk) -- C:\Windows\SysNative\drivers\mferkdk.sys ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys ()
DRV:64bit: - (OA008Ufd) -- C:\Windows\SysNative\DRIVERS\OA008Ufd.sys ()
DRV:64bit: - (OA008Vid) -- C:\Windows\SysNative\DRIVERS\OA008Vid.sys ()
DRV:64bit: - (NETw5v64) Intel(R) -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys ()
DRV:64bit: - (IntcHdmiAddService) Intel(R) -- C:\Windows\SysNative\drivers\IntcHdmi.sys ()
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\DRIVERS\CtClsFlt.sys ()
DRV:64bit: - (k57nd60a) Broadcom NetLink (TM) -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (Packet) -- C:\Windows\SysNative\DRIVERS\packet.sys ()
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys ()
DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys ()
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\DRIVERS\usb8023x.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (R300) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys ()
DRV - (Packet) -- C:\Windows\SysWOW64\drivers\packet.sys (SingleClick Systems)
DRV - (ASPI32) -- C:\Windows\SysWow64\drivers\aspi32.sys (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://dell.msn.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {b9749d11-4bc1-4220-b092-02eaa1db9782}:2.5.8.99
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {91da5e8a-3318-4f8c-b67e-5964de3ab546}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.240.0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/09/30 18:22:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/04/25 17:38:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2010/10/02 20:23:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/19 19:29:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/09/27 16:56:44 | 000,000,000 | ---D | M]

[2009/07/18 23:08:12 | 000,000,000 | ---D | M] -- C:\Users\MTNCONNER\AppData\Roaming\mozilla\Extensions
[2010/10/03 11:54:15 | 000,000,000 | ---D | M] -- C:\Users\MTNCONNER\AppData\Roaming\mozilla\Firefox\Profiles\otjmh0ud.default\extensions
[2010/05/03 09:46:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\MTNCONNER\AppData\Roaming\mozilla\Firefox\Profiles\otjmh0ud.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/02 20:23:10 | 000,000,000 | ---D | M] (ZoneAlarm Security Toolbar) -- C:\Users\MTNCONNER\AppData\Roaming\mozilla\Firefox\Profiles\otjmh0ud.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
[2010/07/31 11:39:01 | 000,000,000 | ---D | M] (MLB.com Toolbar) -- C:\Users\MTNCONNER\AppData\Roaming\mozilla\Firefox\Profiles\otjmh0ud.default\extensions\{b9749d11-4bc1-4220-b092-02eaa1db9782}
[2010/08/19 22:08:14 | 000,000,939 | ---- | M] () -- C:\Users\MTNCONNER\AppData\Roaming\Mozilla\FireFox\Profiles\otjmh0ud.default\searchplugins\conduit.xml
[2010/08/29 18:19:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/09/14 18:05:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/10/03 12:09:27 | 000,420,602 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14507 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files (x86)\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe ()
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe ()
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe ()
O4:64bit: - HKLM..\Run: [QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files (x86)\McAfee\Common Framework\UdaterUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MFPMonitor] C:\Windows\twain_32\Dell\MFP1125\Monitor\Stsmon.exe (Dell Corporation.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SightSpeed] C:\Program Files (x86)\Dell Video Chat\DellVideoChat.exe (Dell Inc. and SightSpeed Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\MTNCONNER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: majesticservice.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: majesticservice.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {644D8000-3033-A583-AD61-00403333EC93} http://www.majesticservice.com/metadraw/MDraw30.cab (Bennet-Tec MetaDraw 3.1 ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} https://www.majesticservice.com/imageUploader/ImageUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E7A7C5E3-44D2-43CC-8D84-463BDE93E871} https://www.majesticservice.com/axEditorSuite.CAB (axEditorSuite.axEditPad)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} https://www.majesticservice.com/XUpload/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.69.44 213.109.76.46 1.1.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll ()
O24 - Desktop WallPaper: C:\Users\MTNCONNER\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\MTNCONNER\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/07/12 19:43:19 | 000,001,373 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{581c0b21-5296-11df-be1c-002219f8152f}\Shell - "" = AutoRun
O33 - MountPoints2\{581c0b21-5296-11df-be1c-002219f8152f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{aa1d8642-edb8-11de-8f21-002219f8152f}\Shell\AutoRun\command - "" = L:\install.exe -- File not found
O33 - MountPoints2\{de9defb9-6b7a-11de-8704-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{de9defb9-6b7a-11de-8704-806e6f6e6963}\Shell\AutoRun\command - "" = E:\cd2run.exe -- [2004/07/12 19:43:19 | 000,069,632 | R--- | M] (Microsoft)
O33 - MountPoints2\{f43cd9b4-c9b7-11de-964d-8000600fe800}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\{f43cda18-c9b7-11de-964d-8000600fe800}\Shell\AutoRun\command - "" = J:\Launch.exe -- File not found
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Launch.exe -- File not found
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Launch.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/10/06 06:02:25 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\MTNCONNER\Desktop\OTL.exe
[2010/10/05 17:28:29 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\MTNCONNER\Desktop\erunt-setup.exe
[2010/10/04 17:57:23 | 000,000,000 | ---D | C] -- C:\Users\MTNCONNER\AppData\Roaming\PeerNetworking
[2010/10/02 20:23:50 | 000,000,000 | ---D | C] -- C:\Users\MTNCONNER\Documents\ForceField Shared Files
[2010/10/02 20:23:49 | 000,000,000 | ---D | C] -- C:\Users\MTNCONNER\AppData\Roaming\CheckPoint
[2010/10/02 20:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/10/02 20:23:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm_Security
[2010/10/02 20:22:44 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/10/02 20:22:33 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsregexp.dll
[2010/10/02 20:20:33 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcommdb.dll
[2010/10/02 20:20:33 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zlcomm.dll
[2010/10/02 20:20:28 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vswmi.dll
[2010/10/02 20:20:26 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\zpeng25.dll
[2010/10/02 20:20:26 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vspubapi.dll
[2010/10/02 20:20:26 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsxml.dll
[2010/10/02 20:20:26 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsmonapi.dll
[2010/10/02 20:20:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs
[2010/10/02 20:20:25 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsdata.dll
[2010/10/02 20:20:02 | 000,714,240 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsutil.dll
[2010/10/02 20:20:02 | 000,228,352 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\SysWow64\vsinit.dll
[2010/10/02 19:58:08 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/10/02 12:46:56 | 000,000,000 | ---D | C] -- C:\Users\MTNCONNER\AppData\Roaming\Template
[2010/10/02 12:09:11 | 000,000,000 | ---D | C] -- C:\Users\MTNCONNER\AppData\Roaming\SUPERAntiSpyware.com
[2010/10/02 12:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/10/02 12:09:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\AppLogs
[2010/10/02 12:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2010/10/02 12:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/10/02 10:21:26 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\MTNCONNER\Desktop\spybotsd162.exe
[2010/09/30 20:51:34 | 000,000,000 | ---D | C] -- C:\Users\MTNCONNER\Desktop\hijackthis
[2010/09/30 00:03:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010/09/30 00:01:24 | 000,000,000 | ---D | C] -- C:\Users\MTNCONNER\AppData\Local\Sunbelt Software
[2010/09/29 23:59:58 | 000,000,000 | -H-D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010/09/29 23:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010/09/29 23:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010/09/29 23:42:54 | 133,582,520 | ---- | C] (Lavasoft ) -- C:\Users\MTNCONNER\Desktop\Ad-AwareInstall.exe
[2010/09/27 17:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010/09/27 16:56:39 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/09/27 02:35:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010/09/27 02:35:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010/09/25 16:39:21 | 000,000,000 | ---D | C] -- C:\Program Files\dl_Cats
[2010/09/17 03:01:18 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010/09/14 18:42:14 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2010/01/07 20:07:43 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\MTNCONNER\AppData\Roaming\DataSafeDotNet.exe
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/10/06 06:16:18 | 008,650,752 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat
[2010/10/06 06:02:31 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\MTNCONNER\Desktop\OTL.exe
[2010/10/06 06:00:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/10/06 06:00:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/06 06:00:08 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/06 00:00:15 | 000,708,186 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/10/06 00:00:15 | 000,604,502 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/10/06 00:00:15 | 000,108,772 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/10/05 22:28:22 | 065,661,235 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2010/10/05 21:02:44 | 000,000,716 | ---- | M] () -- C:\Users\MTNCONNER\AppData\Roaming\wklnhst.dat
[2010/10/05 20:15:24 | 000,014,329 | ---- | M] () -- C:\Users\MTNCONNER\Desktop\352257.jpg
[2010/10/05 17:28:31 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\MTNCONNER\Desktop\erunt-setup.exe
[2010/10/04 18:58:09 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/10/04 18:57:43 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 18:55:57 | 000,524,288 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{f6626f1e-cbc2-11df-967d-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
[2010/10/04 18:55:57 | 000,065,536 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{f6626f1e-cbc2-11df-967d-002219f8152f}.TM.blf
[2010/10/04 18:55:55 | 002,993,974 | -H-- | M] () -- C:\Users\MTNCONNER\AppData\Local\IconCache.db
[2010/10/04 17:57:24 | 000,023,604 | ---- | M] () -- C:\Users\MTNCONNER\AppData\Roaming\UserTile.png
[2010/10/03 23:31:47 | 000,118,272 | ---- | M] () -- C:\Users\MTNCONNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/03 13:15:29 | 000,001,460 | ---- | M] () -- C:\Users\MTNCONNER\AppData\Local\d3d9caps64.dat
[2010/10/03 12:09:27 | 000,420,602 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010/10/03 00:20:24 | 000,005,057 | ---- | M] () -- C:\Users\MTNCONNER\Documents\Attach.zip
[2010/10/03 00:17:30 | 000,525,824 | ---- | M] () -- C:\Users\MTNCONNER\Desktop\dds.scr
[2010/10/02 20:24:15 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/10/02 20:22:38 | 000,000,903 | ---- | M] () -- C:\Users\MTNCONNER\Desktop\ZoneAlarm Security.lnk
[2010/10/02 20:19:57 | 046,957,056 | ---- | M] () -- C:\Users\MTNCONNER\Desktop\zaSetup_92_076_000_en.exe
[2010/10/02 20:09:45 | 000,002,497 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Remote Access.lnk
[2010/10/02 20:01:26 | 000,000,970 | ---- | M] () -- C:\Users\MTNCONNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/10/02 12:40:39 | 000,293,376 | ---- | M] () -- C:\Users\MTNCONNER\Desktop\om71upx5.exe
[2010/10/02 12:09:03 | 000,001,758 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/02 10:31:10 | 000,001,123 | ---- | M] () -- C:\Users\MTNCONNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/02 10:31:10 | 000,001,099 | ---- | M] () -- C:\Users\MTNCONNER\Desktop\Spybot - Search & Destroy.lnk
[2010/10/02 10:21:35 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\MTNCONNER\Desktop\spybotsd162.exe
[2010/09/30 19:19:26 | 000,001,965 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Software Director Scheduler.lnk
[2010/09/29 23:59:51 | 000,001,075 | ---- | M] () -- C:\Users\MTNCONNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/29 23:47:51 | 133,582,520 | ---- | M] (Lavasoft ) -- C:\Users\MTNCONNER\Desktop\Ad-AwareInstall.exe
[2010/09/29 08:31:30 | 000,524,288 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{f6626f1e-cbc2-11df-967d-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/29 08:23:39 | 000,524,288 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{17bbe00d-ca87-11df-b885-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/29 08:23:39 | 000,065,536 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{17bbe00d-ca87-11df-b885-002219f8152f}.TM.blf
[2010/09/28 18:54:17 | 000,524,288 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{17bbe00d-ca87-11df-b885-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/28 18:48:50 | 000,524,288 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{742e174d-c9fe-11df-8b69-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/28 18:48:50 | 000,524,288 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{742e174d-c9fe-11df-8b69-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/28 18:48:50 | 000,065,536 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{742e174d-c9fe-11df-8b69-002219f8152f}.TM.blf
[2010/09/27 18:26:57 | 000,524,288 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{fb50ee9c-c457-11df-afe6-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/27 18:26:57 | 000,065,536 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{fb50ee9c-c457-11df-afe6-002219f8152f}.TM.blf
[2010/09/19 21:51:46 | 000,524,288 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{fb50ee9c-c457-11df-afe6-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/19 21:45:07 | 000,524,288 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{526edc87-c047-11df-baf1-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/19 21:45:07 | 000,065,536 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{526edc87-c047-11df-baf1-002219f8152f}.TM.blf
[2010/09/19 19:19:00 | 000,006,080 | ---- | M] () -- C:\Users\MTNCONNER\AppData\Local\d3d9caps.dat
[2010/09/15 03:18:05 | 000,524,288 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{526edc87-c047-11df-baf1-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/14 18:00:30 | 000,524,288 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{a18ae6e3-bfe9-11df-8bd7-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/14 18:00:30 | 000,065,536 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{a18ae6e3-bfe9-11df-8bd7-002219f8152f}.TM.blf
[2010/09/14 06:37:01 | 000,524,288 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{a18ae6e3-bfe9-11df-8bd7-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/14 06:30:03 | 000,524,288 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{9b14d5e9-936c-11df-9697-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/14 06:30:03 | 000,065,536 | -HS- | M] () -- C:\Users\MTNCONNER\ntuser.dat{9b14d5e9-936c-11df-9697-002219f8152f}.TM.blf
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/05 20:12:42 | 000,014,329 | ---- | C] () -- C:\Users\MTNCONNER\Desktop\352257.jpg
[2010/10/04 17:57:24 | 000,023,604 | ---- | C] () -- C:\Users\MTNCONNER\AppData\Roaming\UserTile.png
[2010/10/03 13:18:45 | 4251,828,224 | -HS- | C] () -- C:\hiberfil.sys
[2010/10/03 00:20:24 | 000,005,057 | ---- | C] () -- C:\Users\MTNCONNER\Documents\Attach.zip
[2010/10/03 00:17:25 | 000,525,824 | ---- | C] () -- C:\Users\MTNCONNER\Desktop\dds.scr
[2010/10/02 20:22:38 | 000,000,903 | ---- | C] () -- C:\Users\MTNCONNER\Desktop\ZoneAlarm Security.lnk
[2010/10/02 20:20:25 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2010/10/02 20:18:02 | 046,957,056 | ---- | C] () -- C:\Users\MTNCONNER\Desktop\zaSetup_92_076_000_en.exe
[2010/10/02 20:15:26 | 000,453,720 | ---- | C] () -- C:\Windows\SysNative\drivers\vsdatant.sys
[2010/10/02 12:46:55 | 000,000,716 | ---- | C] () -- C:\Users\MTNCONNER\AppData\Roaming\wklnhst.dat
[2010/10/02 12:40:37 | 000,293,376 | ---- | C] () -- C:\Users\MTNCONNER\Desktop\om71upx5.exe
[2010/10/02 12:09:03 | 000,001,758 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/10/02 10:31:10 | 000,001,123 | ---- | C] () -- C:\Users\MTNCONNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2010/10/02 10:31:10 | 000,001,099 | ---- | C] () -- C:\Users\MTNCONNER\Desktop\Spybot - Search & Destroy.lnk
[2010/09/30 00:03:15 | 000,069,152 | ---- | C] () -- C:\Windows\SysNative\drivers\Lbd.sys
[2010/09/29 23:59:51 | 000,001,075 | ---- | C] () -- C:\Users\MTNCONNER\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010/09/29 17:34:52 | 000,002,048 | ---- | C] () -- C:\Windows\SysNative\tzres.dll
[2010/09/29 08:31:30 | 000,524,288 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{f6626f1e-cbc2-11df-967d-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/29 08:31:29 | 000,524,288 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{f6626f1e-cbc2-11df-967d-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/29 08:31:29 | 000,065,536 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{f6626f1e-cbc2-11df-967d-002219f8152f}.TM.blf
[2010/09/28 18:54:17 | 000,524,288 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{17bbe00d-ca87-11df-b885-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/28 18:54:17 | 000,524,288 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{17bbe00d-ca87-11df-b885-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/28 18:54:17 | 000,065,536 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{17bbe00d-ca87-11df-b885-002219f8152f}.TM.blf
[2010/09/27 18:33:57 | 000,524,288 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{742e174d-c9fe-11df-8b69-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/27 18:33:57 | 000,524,288 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{742e174d-c9fe-11df-8b69-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/27 18:33:57 | 000,065,536 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{742e174d-c9fe-11df-8b69-002219f8152f}.TM.blf
[2010/09/19 21:51:46 | 000,524,288 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{fb50ee9c-c457-11df-afe6-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/19 21:51:46 | 000,524,288 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{fb50ee9c-c457-11df-afe6-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/19 21:51:46 | 000,065,536 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{fb50ee9c-c457-11df-afe6-002219f8152f}.TM.blf
[2010/09/14 18:42:13 | 000,295,424 | ---- | C] () -- C:\Windows\SysNative\MP4SDECD.DLL
[2010/09/14 18:42:01 | 000,267,776 | ---- | C] () -- C:\Windows\SysNative\spoolsv.exe
[2010/09/14 18:41:41 | 000,975,360 | ---- | C] () -- C:\Windows\SysNative\inetcomm.dll
[2010/09/14 18:41:29 | 000,622,080 | ---- | C] () -- C:\Windows\SysNative\usp10.dll
[2010/09/14 18:08:37 | 000,524,288 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{526edc87-c047-11df-baf1-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/14 18:08:37 | 000,524,288 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{526edc87-c047-11df-baf1-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/14 18:08:37 | 000,065,536 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{526edc87-c047-11df-baf1-002219f8152f}.TM.blf
[2010/09/14 06:37:01 | 000,524,288 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{a18ae6e3-bfe9-11df-8bd7-002219f8152f}.TMContainer00000000000000000002.regtrans-ms
[2010/09/14 06:37:01 | 000,524,288 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{a18ae6e3-bfe9-11df-8bd7-002219f8152f}.TMContainer00000000000000000001.regtrans-ms
[2010/09/14 06:37:01 | 000,065,536 | -HS- | C] () -- C:\Users\MTNCONNER\ntuser.dat{a18ae6e3-bfe9-11df-8bd7-002219f8152f}.TM.blf
[2010/07/15 20:48:06 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2010/07/15 20:41:20 | 000,002,418 | -H-- | C] () -- C:\Windows\DRUnins.ini
[2010/06/26 11:36:39 | 000,333,364 | ---- | C] () -- C:\Users\MTNCONNER\AppData\Local\dd_vcredistMSI1761.txt
[2010/06/26 11:36:38 | 000,011,154 | ---- | C] () -- C:\Users\MTNCONNER\AppData\Local\dd_vcredistUI1761.txt
[2010/04/27 18:25:07 | 000,001,460 | ---- | C] () -- C:\Users\MTNCONNER\AppData\Local\d3d9caps64.dat
[2010/04/07 20:17:26 | 000,425,648 | ---- | C] () -- C:\Users\MTNCONNER\AppData\Local\dd_vcredistMSI3B55.txt
[2010/04/07 20:17:25 | 000,016,938 | ---- | C] () -- C:\Users\MTNCONNER\AppData\Local\dd_vcredistUI3B55.txt
[2009/11/16 00:57:11 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/10/25 01:47:45 | 000,006,080 | ---- | C] () -- C:\Users\MTNCONNER\AppData\Local\d3d9caps.dat
[2009/10/12 19:25:57 | 000,118,272 | ---- | C] () -- C:\Users\MTNCONNER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/01 23:02:21 | 000,000,004 | ---- | C] () -- C:\Users\MTNCONNER\AppData\Roaming\E45401
[2009/10/01 23:02:20 | 000,870,128 | ---- | C] () -- C:\Users\MTNCONNER\AppData\Roaming\mcs.rma
[2009/09/21 20:16:37 | 000,000,280 | ---- | C] () -- C:\Windows\SysWow64\epoPGPsdk.dll.sig
[2008/01/20 22:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/01/20 22:49:22 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/06/24 07:22:20 | 000,546,872 | ---- | M] (Microsoft Corporation) -- C:\bootmgr.efi
[2009/07/08 08:48:57 | 000,003,534 | RH-- | M] () -- C:\dell.sdr
[2010/10/04 18:57:43 | 4251,828,224 | -HS- | M] () -- C:\hiberfil.sys
[2010/10/04 18:57:42 | 270,475,263 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:5D432CE3
< End of report >

kore321
2010-10-06, 13:28
Here is the Extras File

OTL Extras logfile created on: 10/6/2010 6:16:03 AM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Users\MTNCONNER\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 39.00% Memory free
8.00 Gb Paging File | 5.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 218.20 Gb Total Space | 137.26 Gb Free Space | 62.91% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.18 Gb Free Space | 49.02% Space Free | Partition Type: NTFS
Drive E: | 494.46 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER
Current User Name: MTNCONNER
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" ()
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l ()
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = C2 FE 8D 6A DC 5B C8 01 [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2CBCB733-EDE4-4350-A4FA-AA66BD7152EE}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{2E15E7BA-F662-446D-8831-A1490D3324C9}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{38926840-7034-4454-831D-706C90ABCA25}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{53B9A394-52E9-432D-BCDA-E960C3EA4255}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{54FA0144-D5A6-4880-839D-8E9808BE84A7}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface |
"{57D35DFF-E627-4ECA-B1D3-9C16E097C997}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5B6D5B89-6AA0-4E2D-9042-CD3C8C921314}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6632C25B-9750-4FF4-929B-3C35F2BC2781}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6E9705EE-77A2-487E-A780-0083984AABAD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{A05D094F-F396-4348-B46E-CFA9D77BD3A9}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A8FAAAC3-E8E6-4933-AEC3-D27091E69A45}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{CBDBE85B-04B5-4C12-AB48-76F8022C77C8}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F8EB0B7D-99CA-4040-BE81-2ADE1B9E9B76}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{065D1CED-BAAC-4CD0-90D3-5DD2E036E2BB}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{0C0B7942-62EB-4BDD-A2A4-2371D7EC7916}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{104BA585-2C69-4489-A326-71D854C9CA94}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{13534190-38EA-4A7C-B5F3-FE9F079C4AC8}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{1FB08965-2FD0-4F58-AD46-8513AFEB73F8}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{242FA8AA-9AA2-4DAA-9CA3-79D3C3999AB6}" = protocol=6 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{32C93DBF-F079-4A21-8B60-C5AF375561FE}" = protocol=6 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{5D4BD33A-7D42-4AC8-9605-56851E7C78ED}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{61759079-E5D8-4F5F-81A3-CEB7B45B8921}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6518B946-A508-4C8C-8441-C14B25FAC85E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{660E9119-F50A-4E01-9A63-0F39784BDAB5}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{69C231D8-2006-4FA0-B353-BCEF862A4096}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{788FA322-8C50-4659-B4E1-0CEA0A5D419D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\dell\advanced networking service\hnm_svc.exe |
"{7FD2DAEF-0867-45BE-9AAE-460D6DFE0489}" = protocol=17 | dir=in | app=c:\program files (x86)\dell video chat\dellvideochat.exe |
"{8D8FB268-FFDB-4169-8777-81E3E03E4FBD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8DC303BB-D0AF-48FA-887A-8899C7D35451}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9C7F10C7-C6B4-4235-834F-78701BC5B472}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{A652A367-0843-4B67-9472-EA6C44A6DEC7}" = protocol=17 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{B87F8538-F7C5-4CCE-8568-E4C869F50BD8}" = protocol=6 | dir=in | app=c:\program files (x86)\mcafee\common framework\frameworkservice.exe |
"{BB365B44-A116-4FF7-8369-1297C689C69F}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{C1D145F9-9E5D-4B21-9A56-D24700872738}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\pdvddxsrv.exe |
"{D21478AB-3484-4F86-866D-AF5C5A778A52}" = dir=in | app=c:\program files\cyberlink\powerdvd dx\powerdvd.exe |
"{D2CE177A-0993-4D8A-958B-AE5B27DE2DD6}" = protocol=6 | dir=in | app=c:\windows\system32\dldocoms.exe |
"{D8CEEE90-3071-4FD4-949C-E6D644022F1E}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\dell\vlc\vlc.exe |
"{DE123845-5D0F-4195-9884-F381B1363664}" = protocol=17 | dir=in | app=c:\program files (x86)\dell remote access\ezi_ra.exe |
"{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}" = dir=in | app=c:\program files (x86)\common files\mcafee\mna\mcnasvc.exe |
"{E7362DFB-27DA-4314-99CB-D8743696E6BF}" = protocol=17 | dir=in | app=c:\windows\system32\dldocoms.exe |
"{F55E69F4-3869-415C-BCAA-93B809E6D0DE}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F86416013FF}" = Java(TM) 6 Update 13 (64-bit)
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile Device Center
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"Creative OA008" = Integrated Webcam Driver (1.02.02.0106)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Dell Touchpad
"WinRAR archiver" = WinRAR archiver
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{1FFA1C07-525F-4691-B986-E570C4B659E9}" = VZAccess Manager
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20C11E32-103F-429F-98A4-DA24486D140F}" = MediaBrowser LE
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 21
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{67635FB6-2F63-4FFB-830B-D4C01597EBA4}" = Microsoft Office Suite Activation Assistant
"{67E4EE98-59F4-4210-89A6-A20AF5BEC689}" = Microsoft Streets and Trips 2005
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{788950DC-E2C4-4F1A-ADF4-9BD64F31E322}" = ScanSoft PaperPort 11
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_930" = Adobe Acrobat 9.3.0 - CPSID_52073
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BB8B34DE-4A49-9295-2B2F-9F739A82A463}" = My Avatar Editor
"{BD22A779-AC02-478B-B5D6-4A70FD60382D}" = C64 Forever
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}" = SAMSUNG USB Driver for Mobile Phones V5.16.0.0
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F66A31D9-7831-4FBA-BA02-C411C0047CC5}" = Dell Remote Access
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Akamai" = Akamai NetSession Interface
"AVG9Uninstall" = AVG Free 9.0
"CDisplay_is1" = CDisplay 1.8
"CDisplayEx_is1" = CDisplayEx 1.4
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.myavatareditor.MyAvatarEditor.6C70FE1C32C5A720658ABA78363E87592FD88E3E.1" = My Avatar Editor
"Dell Video Chat" = Dell Video Chat
"Dell Webcam Central" = Dell Webcam Central
"DellMFP1125" = Dell MFP 1125
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iSofter DVD Audio Ripper Deluxe_is1" = iSofter DVD Audio Ripper Deluxe 3.0.2007.228
"Jodix Video MP3 Extractor_is1" = Jodix Video MP3 Extractor 1.12
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)
"PROPLUS" = Microsoft Office Professional Plus 2007
"RealPlayer 12.0" = RealPlayer
"Rhapsody" = Rhapsody
"VLC media player" = VLC media player 1.1.2
"WinLiveSuite_Wave3" = Windows Live Essentials
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/29/2010 4:09:23 PM | Computer Name = MTNCONNER-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 9/29/2010 4:09:39 PM | Computer Name = MTNCONNER-PC | Source = McLogEvent | ID = 1007
Description =

Error - 9/29/2010 4:10:12 PM | Computer Name = MTNCONNER-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/29/2010 4:17:18 PM | Computer Name = MTNCONNER-PC | Source = McLogEvent | ID = 5051
Description =

Error - 9/29/2010 4:25:48 PM | Computer Name = MTNCONNER-PC | Source = System Restore | ID = 8199
Description =

Error - 9/29/2010 4:44:09 PM | Computer Name = MTNCONNER-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 9/29/2010 4:44:10 PM | Computer Name = MTNCONNER-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

Error - 9/29/2010 4:44:12 PM | Computer Name = MTNCONNER-PC | Source = EventSystem | ID = 4609
Description =

Error - 9/29/2010 4:44:24 PM | Computer Name = MTNCONNER-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/29/2010 4:44:32 PM | Computer Name = MTNCONNER-PC | Source = SideBySide | ID = 16842830
Description = Activation context generation failed for "C:\Program Files (x86)\Adobe\Acrobat
9.0\Designer 8.2\FormDesigner.exe".Error in manifest or policy file "" on line
. A component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_152e7382f3bd50c6.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc.manifest.

[ OSession Events ]
Error - 9/13/2010 10:21:37 PM | Computer Name = MTNCONNER-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6535.5002, Microsoft Office Version: 12.0.6425.1000. This session lasted 1310404
seconds with 11820 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 10/3/2010 1:19:40 PM | Computer Name = MTNCONNER-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 10/3/2010 1:20:43 PM | Computer Name = MTNCONNER-PC | Source = DCOM | ID = 10016
Description =

Error - 10/4/2010 5:10:43 PM | Computer Name = MTNCONNER-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.100 for the Network Card with network
address 0022FB99EFCE has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/4/2010 6:57:11 PM | Computer Name = OWNER | Source = Application Popup | ID = 1060
Description = \SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading
due to incompatibility with this system. Please contact your software vendor for
a compatible version of the driver.

Error - 10/4/2010 6:58:09 PM | Computer Name = OWNER | Source = HTTP | ID = 15016
Description =

Error - 10/4/2010 6:58:40 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7000
Description =

Error - 10/4/2010 6:58:40 PM | Computer Name = OWNER | Source = Service Control Manager | ID = 7026
Description =

Error - 10/4/2010 6:59:26 PM | Computer Name = OWNER | Source = DCOM | ID = 10016
Description =

Error - 10/5/2010 10:45:26 PM | Computer Name = OWNER | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.

Error - 10/5/2010 10:45:31 PM | Computer Name = OWNER | Source = ACPI | ID = 327693
Description = : The embedded controller (EC) did not respond within the specified
timeout period. This may indicate that there is an error in the EC hardware or
firmware or that the BIOS is accessing the EC incorrectly. You should check with
your computer manufacturer for an upgraded BIOS. In some situations, this error
may cause the computer to function incorrectly.


< End of report >

Blade81
2010-10-06, 20:41
Hi,

I assume you have a router in use. If so which brand and model? Do you know how to restore it back to factory default settings?

kore321
2010-10-06, 23:22
Hi,

I have a Linksys Wireless N Home Router.
Model No. WRT120N

Should I restore it to the Factory Settings? If so, what do I do? I have to read the manual on the CD.

Mike

Blade81
2010-10-07, 09:27
Make sure the router is powered ON. Then press and hold the Reset button of your router for 30 secs first. (Reset is found on the back panel of your router; you have to use a pen or a paper clip to press the button.) As for the LEDs, if the power LED is blinking, that indicates that the router is being reset. Then power-cycle the router for only 30 secs.

After the reset, the router's password should be changed to one stronger than its default.

kore321
2010-10-07, 17:37
Hi Blade81,

I disconnected from the router for now and am using a wired connection to my modem. I have reset the router and will configure it later. And the ad redirections seem to have disappeared. I do get some sites that have some words highlighted.

Is there anything else I should do in the meantime before the router is back up?

Thanks again.

Blade81
2010-10-07, 18:27
Hi,

Are those highlights appearing on some specific sites only? It might be worth resetting the modem too.

kore321
2010-10-07, 19:34
One site that comes to mind is Bleepingcomputer.com but for the most part the sites are normal again.

Thanks.

Blade81
2010-10-07, 19:48
Some sites (like BleepingComputer.com) have ads visible for non logged in users. That's normal.

kore321
2010-10-07, 20:02
Thanks Blade81.

Any other things that needs fixing/cleaning besides the router?

If not, thanks for all your great help!

Mike

kore321
2010-10-08, 07:03
Hi Again Blade81..

I also see my zone alarm blocks programs like tea timer, dwm and dell dock from accessing 239.255.255.250 and/or 224.0.0.251. Also Seaport was trying to access a few addresses.

Thanks again

Blade81
2010-10-08, 07:32
Hi,


Any other things that needs fixing/cleaning besides the router?
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.


I also see my zone alarm blocks programs like tea timer, dwm and dell dock from accessing 239.255.255.250 and/or 224.0.0.251. Also Seaport was trying to access a few addresses.
If that causes programs to not work properly, you may try unblocking them. An alternative option is to remove ZoneAlarm and use Vista's own firewall instead.

kore321
2010-10-09, 07:38
Thanks Blade81.

I did the updates and everything is updated.

I guess it is safe to say I am back to normal again?

BTW, my router did not have the default PW before I reset it. So it can happen again. :sad::sad:

Anything I can do to stop this from happening again?

Thanks again!

Blade81
2010-10-09, 11:44
Hi,

Let's remove OTL too:

Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes; if not, delete it yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


Anything I can do to stop this from happening again?
Some hints can be found behind this link (http://forums.spybot.info/showthread.php?t=279).

kore321
2010-10-10, 18:48
Hi Blade81,

Thanks for everything. I just want to ask if that was the whole problem (the router)? Nothing in the machine itself? If so I can go back to normal surfing that I used to do?

Please let me know if it is safe to surf the waters (internet) as much as I was doing so before. ;)

Thanks so much again!
Mike

Blade81
2010-10-10, 19:59
The problem was with the router's DNS settings, which the infection had altered (having a custom, strong password on the router lowers this kind of risk).


Please let me know if it is safe to surf the waters (internet) as much as I was doing so before. ;)
It's safe now. Just remember to stay away from dubious sites :)
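
A host-side check for the condition described in this post, added here as an example and not part of the original thread: it parses `ipconfig /all` output and lists any DNS server that is neither the adapter's default gateway nor in a caller-supplied trusted set. The sample output, the 203.0.113.53 resolver and the function names are constructed for illustration; if the router proxies DNS, the host only lists the router itself, so the DNS fields on the router's own admin page still need to be checked.

```python
import re

# Constructed `ipconfig /all` excerpt (not from the thread). 203.0.113.0/24 is
# a documentation range standing in for a resolver nobody chose on purpose.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.100(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       192.168.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wireless Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
"""

# "   Label . . . . : value" -> (label, value); the dotted leader is skipped.
KEY_VALUE = re.compile(r"^\s+([A-Za-z][^:]*?)(?:\s*\.)+\s*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}; indented bare lines continue a field."""
    adapters, current, field = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():                 # unindented line = adapter heading
            current, field = adapters.setdefault(line.rstrip(": "), {}), None
            continue
        if current is None:
            continue
        m = KEY_VALUE.match(line)
        if m:
            field = m.group(1).strip()
            current[field] = [m.group(2).strip()] if m.group(2).strip() else []
        elif field:                               # e.g. a second DNS server
            current[field].append(line.strip())
    return adapters

def unexpected_dns(text, trusted=()):
    """List (adapter, server) pairs where the resolver is neither the
    adapter's default gateway nor in the caller's trusted set."""
    findings = []
    for name, fields in parse_ipconfig(text).items():
        allowed = set(fields.get("Default Gateway", [])) | set(trusted)
        for server in fields.get("DNS Servers", []):
            if server not in allowed:
                findings.append((name, server))
    return findings

if __name__ == "__main__":
    for adapter, server in unexpected_dns(SAMPLE):
        print(f"{adapter}: review DNS server {server}")
```

A finding is a prompt to compare the address with the resolvers the ISP or the administrator actually configured, not proof of tampering.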

Blade81
2010-10-16, 11:42
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.