PDA

View Full Version : Need Help uninstalling iLivid



Bruce C
2011-12-12, 19:35
I mistakedly downloaded iLivid and need help removing . I followed the preliminary instructions and I saved the dds to my desktop but can't seem to copy and paste it to this post.When my wife gets home I'll see if she can help post it to this thread.Thanks in advance for your help, Bruce

Please see attachment

Scolabar
2011-12-15, 10:26
Hi Bruce C,

Firstly, welcome to the Safer-Networking Malware Removal Forum. :)
My name is Scolabar, and I'll be helping you with your malware problems.
Logs can take a while to research, so please be patient.
If you no longer require help i would be grateful if you would let me know.

I am currently working under the guidance of teachers, everything I post to you, will need to be reviewed by them.
This additional review process can add some extra time to my responses, but hopefully not too much. ;)

Please note the following important guidelines before proceeding:
The instructions that will be provided are for YOUR computer and system only!
Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
If you have any questions or do not understand something, please do not hesitate to ask, don't guess or assume.
Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
Only reply to this thread, do not start another. Please, continue responding, until I give you the All Clean.
Absence of symptoms does not necessarily mean that everything is clear.
DO NOT run any other fix or removal tools unless instructed to do so!
DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!
Please Note: If you haven't done so already, please read this topic "BEFORE You POST"(Please read this Procedure Before Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) where the conditions for receiving help here are explained.

Windows Vista Advice:
Please Note: The programs I ask you to use will need to be run in Administrator Mode.
In order to do this Right-click on the program file and select the Run as Administrator option.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
If prompted, please click on the Allow button.
Reference: User Account Control (UAC) and Running as Administrator (http://support.microsoft.com/kb/922708)


Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
In light of this, it would be advisable for you to back up any important files and folders that you don't want to lose before we start.

Backup Your Data - Windows Vista (http://www.vista4beginners.com/How-to-backup-your-data)
If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with additional instructions.

Thank you for your patience.

Scolabar

Bruce C
2011-12-17, 20:00
Hi ,I was not sure if I should post a reply or P.M. you so I sent you a P.M. last night. But just in case ,i thought I should post a reply also. Thanks for the Help and I am waiting patiently for your instructions.
Bruce C.

Scolabar
2011-12-18, 10:08
Hi Bruce C,

Please bear with us. I am waiting for a Teacher to check over my next set of instructions.
As you will no doubt appreciate, the Teachers are very busy.

In the meantime, please make sure you have backed up your user data as provided in my original instructions.

Thank you again for your patience. :)

Scolabar

Scolabar
2011-12-18, 13:08
Hi Bruce C,

Thank you again for your patience. :)

Please read these instructions carefully before executing and perform the steps, in the order given.
lf you have any questions about or problems with, executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Business Use Computer?

Entries in your HijackThis log lead me to believe that this computer may be being used for business purposes.
Please could you confirm if this is the case? If the computer is not used for business purposes please proceed with Step 2.

Step 2:
OTL - Scan

Please download OTL (http://oldtimer.geekstogo.com/OTL.exe) by Old Timer. Save it to your Desktop.
Double-click on OTL.exe to run the program.
Under Output, ensure that the Standard Output option is selected.
Under the Extra Registry section, select the Use SafeList option.
Click the Scan All Users checkbox.
Note: Please leave the remaining selections on the default settings.
Click the LOP Check and Purity Check checkboxes.
Then click on the Run Scan button in the top left-hand corner of the program window.
When done, two Notepad files will automatically open:
OTL.txt <-- Will be opened, maximized.
Extras.txt <-- Will be minimized on task bar.
Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.
Step 3:
Security Check

Please download Security Check (http://screen317.spywareinfoforum.org/SecurityCheck.exe) by screen317 and Save it to your Desktop.
Alternate download site: Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
Right-click on SecurityCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Press the Space Bar when you see the Press any key to continue... message.
Please Note: This scan will take a short while to complete, so please be patient.
When the scan has completed, a Notepad file will automatically open called checkup.txt.
Save the file checkup.txt to your Desktop.
Please Note: This output file is NOT automatically saved!
Then Copy and Paste the entire contents of the checkup.txt file into your next reply.
Step 4:
Include in Next Post

Did you have any problems carrying out the instructions?
Is this computer used for business purposes? If not, please clarify for what purposes the computer is used.
OTL.txt.
Extras.txt.
checkup.txt.
Do you have the original Windows installation media for your PC?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Scolabar
2011-12-20, 20:57
Hi Bruce C,

It has been over 48 hours since my last post.

Do you still need help?
Do you need more time?
Are you having problems following my instructions?
In line with Safer-Networking's policy, topics will be closed after 3 days without a response.
If you do not reply within the next 24 hours, this topic will be closed.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Bruce C
2011-12-22, 02:24
I sent you a P.M. yesterday ,that I was going to try to do it when my wife is home in case I get stumped . I appoligise as on other forums (unrelated to this one ) the rules are to PM not post a reply or else. .I'm going to attempt tonight . Sorry and thanks for your patience. Thanks ,Bruce

Bruce C
2011-12-22, 03:00
OTL logfile created on: 12/21/2011 7:45:35 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bruce\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.84% Memory free
4.11 Gb Paging File | 2.61 Gb Available in Paging File | 63.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 108.17 Gb Free Space | 48.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 19:42:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
PRC - [2011/12/06 05:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/11/15 06:40:23 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/12 12:49:09 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/01/05 20:21:00 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/10/12 12:21:30 | 001,693,464 | ---- | M] (ParetoLogic) -- C:\Program Files\ParetoLogic\FileCure\FileCure.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/18 23:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2009/02/18 23:30:36 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\LBTWiz.exe
PRC - [2009/02/18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
PRC - [2009/02/18 23:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/11/19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/31 08:37:30 | 000,088,976 | ---- | M] () -- C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll
MOD - [2011/10/14 14:51:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 20:38:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 20:38:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 20:37:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 20:37:27 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll
MOD - [2011/10/13 20:37:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 20:37:19 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/13 20:36:54 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/13 20:36:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/13 20:36:25 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 20:35:05 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/23 07:33:30 | 000,047,616 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\cache.dll
MOD - [2010/08/14 10:58:52 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2009/02/18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/08/24 18:23:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/25 15:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/03 08:35:04 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111221.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/03 08:35:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/03 08:35:04 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111221.019\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/14 14:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 05:53:45 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/15 14:18:40 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/14 21:43:08 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111220.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/12/18 22:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 22:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFVsp.sys -- (GzOFVsp)
DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFMdm.sys -- (GzOFMdm)
DRV - [2008/12/16 01:43:48 | 000,033,408 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFBus.sys -- (GzOFBus)
DRV - [2007/05/01 07:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/05/01 07:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/05 03:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/20 14:31:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/12/07 23:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/10/19 04:54:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2011/12/21 06:45:21 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{936F5662-F742-42F8-9394-D480B27297A0}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/21 19:42:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2011/12/16 07:57:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/16 07:57:35 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/16 07:57:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/16 07:57:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/16 07:57:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/16 07:57:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/15 19:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/15 19:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/15 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/15 10:30:19 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 10:30:18 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 10:30:15 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 10:30:13 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 10:30:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 10:30:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/12 21:07:39 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder (3)
[2011/12/12 10:53:32 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\Ilivid Player
[2011/12/12 10:52:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
[2011/12/12 10:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[2011/12/12 10:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/12/12 10:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2011/12/06 18:28:27 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder
[2011/11/29 18:57:04 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder (2)
[2008/09/06 13:06:55 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
[2008/09/06 13:06:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
[2008/09/06 13:06:46 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
[2008/09/06 13:06:44 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
[2008/09/06 13:06:43 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
[2008/09/06 13:06:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
[2008/09/06 13:06:41 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
[2008/09/06 13:06:40 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
[2008/09/06 13:06:37 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldtih.exe
[2008/09/06 13:06:36 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
[2008/09/06 13:06:32 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldtcoms.exe
[2008/09/06 13:06:31 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
[2008/09/06 13:06:31 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
[2008/09/06 13:06:29 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldtcfg.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/21 19:42:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2011/12/21 19:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/21 19:00:03 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2011/12/21 18:45:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 18:45:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 18:00:02 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/12/21 16:40:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/21 14:00:09 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/21 06:51:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/21 06:51:34 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/21 06:48:44 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job
[2011/12/21 06:48:44 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/12/21 06:45:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 22:53:28 | 000,002,714 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/20 17:55:24 | 024,664,064 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/12/20 17:55:23 | 047,326,208 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/12/16 08:17:58 | 000,313,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/15 19:04:55 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/12 10:52:36 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
[2011/12/09 22:08:06 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Bruce.job
[2011/12/05 18:38:18 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/02 08:34:49 | 000,000,000 | ---- | M] () -- C:\Users\Bruce\Documents\ATT00682.jpg
[2011/12/01 15:10:45 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/01 15:10:45 | 000,001,854 | ---- | M] () -- C:\Users\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/01 15:10:01 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/11/29 18:56:44 | 000,144,448 | ---- | M] () -- C:\Users\Bruce\Desktop\100_9973.jpg
[2011/11/29 18:56:44 | 000,139,387 | ---- | M] () -- C:\Users\Bruce\Desktop\101_0126.jpg
[2011/11/29 18:56:44 | 000,081,941 | ---- | M] () -- C:\Users\Bruce\Desktop\101_0641.jpg
[2011/11/27 21:01:06 | 000,145,530 | ---- | M] () -- C:\Users\Bruce\Desktop\100_0524.jpg
[2011/11/23 08:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/15 19:04:54 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/12 10:52:36 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
[2011/12/02 08:34:48 | 000,000,000 | ---- | C] () -- C:\Users\Bruce\Documents\ATT00682.jpg
[2011/11/29 18:56:44 | 000,144,448 | ---- | C] () -- C:\Users\Bruce\Desktop\100_9973.jpg
[2011/11/29 18:56:44 | 000,139,387 | ---- | C] () -- C:\Users\Bruce\Desktop\101_0126.jpg
[2011/11/29 18:56:44 | 000,081,941 | ---- | C] () -- C:\Users\Bruce\Desktop\101_0641.jpg
[2011/11/27 21:01:06 | 000,145,530 | ---- | C] () -- C:\Users\Bruce\Desktop\100_0524.jpg
[2011/05/18 16:59:52 | 000,001,940 | ---- | C] () -- C:\Users\Bruce\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/09/16 18:25:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 18:25:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/17 17:34:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/06 13:08:36 | 000,017,648 | ---- | C] () -- C:\Windows\System32\dldtwupd.exe
[2008/09/06 13:08:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
[2008/09/06 13:07:02 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
[2008/09/06 13:06:45 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
[2008/09/06 13:06:39 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
[2008/09/06 13:06:39 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
[2008/09/06 13:06:38 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
[2008/09/06 13:06:38 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
[2008/09/06 13:06:35 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
[2008/09/06 13:06:33 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
[2008/09/06 13:06:33 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
[2008/09/06 13:06:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
[2008/02/21 19:41:24 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
[2008/02/19 21:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
[2008/01/22 01:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldtcfg.dll
[2007/12/12 20:32:40 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
[2007/11/13 18:13:10 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
[2007/10/13 08:29:19 | 000,033,792 | ---- | C] () -- C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/13 08:21:35 | 000,002,714 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/04/28 13:41:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
[2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,313,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2008/03/30 13:01:26 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Leadertech
[2010/12/10 19:35:37 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\PCDr
[2009/01/29 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Skinux
[2010/08/15 07:12:49 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Tific
[2011/01/05 20:20:57 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Uniblue
[2011/06/12 02:56:52 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\FileCure Default.job
[2011/12/21 06:48:44 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\FileCure Startup.job
[2011/12/21 18:00:02 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/04/01 04:43:00 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/12/05 18:38:18 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/21 06:48:44 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011/12/20 22:53:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/21 14:00:09 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2010/09/03 20:24:56 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40FFB3E6-5C62-43BA-803E-82D3168ED07A}.job
[2011/12/21 19:00:03 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 804 bytes -> C:\Users\Bruce\Documents\Fwd_ [Fwd_ FW_ S.Y.B.S.T.D.].eml:OECustomProperty

< End of report >


OTL Extras logfile created on: 12/21/2011 7:45:35 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bruce\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.84% Memory free
4.11 Gb Paging File | 2.61 Gb Available in Paging File | 63.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 108.17 Gb Free Space | 48.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C71FE6-FD48-485C-AF13-3808DC87F217}" = rport=138 | protocol=17 | dir=out | app=system |
"{0614EFC1-D649-4348-9388-4DDE71007316}" = rport=139 | protocol=6 | dir=out | app=system |
"{143FB136-D8E0-4AA0-B5A9-8C8D8064AABD}" = lport=137 | protocol=17 | dir=in | app=system |
"{41937103-B807-4395-82F0-5DF463440BDE}" = rport=137 | protocol=17 | dir=out | app=system |
"{4B351C59-02A7-4868-81B3-0AEB069AB52A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{63D50AA6-4DCA-4A6B-B677-8088ED6F04BF}" = lport=445 | protocol=6 | dir=in | app=system |
"{6AE72094-FDDC-4ACD-BE11-0B837B2B8841}" = lport=138 | protocol=17 | dir=in | app=system |
"{7CC836D6-6F69-43B3-B802-11CFD279CB06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{87829809-6925-44EC-B0F4-9FD38BD5424C}" = rport=445 | protocol=6 | dir=out | app=system |
"{AAAA0641-7FD8-4D52-83A0-F02BE7821F5C}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011558CB-9AD7-43BA-9799-60F9CC69854D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{078680B7-2530-4CDC-A0F3-6259239A5BE1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0C01E7FA-7331-4A63-81A7-22B4F6980655}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe |
"{1890D10E-D950-4AB2-8144-2ABBBB54D52A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{34980A69-2428-46A5-AAB5-3EA8BA49BF92}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A4F0DC8-415B-48D7-BAD8-612A8EFD67BA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3C2F3189-ACE2-4514-AC48-BA372DCA9BBD}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
"{548FE892-E2C1-4734-9622-CDC154D8950A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe |
"{56D766BF-352A-4538-A6ED-210C372318B2}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{5AF716DF-7D29-476C-9B19-47C1AC2E9A23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{680F9F34-4315-4B4B-9BC5-DD706129F1ED}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
"{6E3C1CE7-99DA-4F6C-A4D1-81B6581ADABD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84C0CD36-566D-4FBA-8BC7-8CFD02AD49A1}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe |
"{936A5380-2522-4AB3-AF91-F5B127DC6F4F}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A2BA0F5E-0619-47FF-874A-AD28EE49D254}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A764267E-DFFB-4736-A41F-2A30D2444975}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{A8A24D1E-68FC-4065-8C3E-A22C7F14B4A9}" = protocol=6 | dir=in | app=c:\program files\dell v305\frun.exe |
"{B9AEF5AB-16EA-447E-BC82-78B3832C8520}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{BAAE4544-A02D-42C3-8D4E-05CF6655B595}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"{BFCDC973-B85D-4568-B17B-0A367E15011A}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{C3C84773-D758-480E-A42B-40A86D8CD75A}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"{C4B812CF-49A9-4FC5-A0D8-7D71AD891495}" = protocol=17 | dir=in | app=c:\program files\dell v305\frun.exe |
"{D295D8C1-4942-4798-9DEC-3BC89FD808D2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D58EA2EE-3ABF-4C74-9B1E-63F73876DEF3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EFFEC8CA-527A-4187-A197-0EA5FA88C14D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe |
"{F061D39C-4EA5-4406-A2CB-F89E392DC400}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F4ACB043-CE5C-4E51-8754-58F695A6084D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA}" = Uniblue RegistryBooster
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2357B8BC-88C9-4A72-818C-050CC4EB0778}" = AOL Install
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}" = CASIO USB Driver V1.0.8003.1229
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Boxster Models" = Boxster Models 1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Dell Support Center" = Dell Support Center
"Dell V305" = Dell V305
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ieSpell" = ieSpell
"iLivid" = iLivid
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton Security Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Uniblue RegistryBooster" = Uniblue RegistryBooster
"Windows Searchqu Toolbar" = Windows iLivid Toolbar

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MS AntiSpyware 2009 5.7" = MS AntiSpyware 2009

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/18/2011 3:00:04 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1010
Description =

Error - 12/18/2011 3:00:06 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1008
Description =

Error - 12/19/2011 3:00:05 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1010
Description =

Error - 12/20/2011 3:00:04 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1010
Description =

Error - 12/20/2011 3:00:05 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1008
Description =

Error - 12/20/2011 5:30:59 PM | Computer Name = Bruce-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16421 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1b0c Start Time: 01ccbf568d9c36e7 Termination Time: 16

Error - 12/20/2011 11:46:13 PM | Computer Name = Bruce-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 12/21/2011 11:17:32 AM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
Description = AppendDNSNameString: Illegal empty label in name "è‘ À.. "

Error - 12/21/2011 3:00:05 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1010
Description =

Error - 12/21/2011 3:00:06 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1008
Description =

[ Dell Events ]
Error - 12/11/2010 8:29:21 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 8:29:21 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 8:37:42 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 8:37:42 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/9/2011 9:44:01 PM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/9/2011 9:44:01 PM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/14/2011 9:18:25 PM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 12/16/2007 6:54:04 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/16/2007 8:41:56 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/24/2008 6:49:07 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/29/2008 7:09:17 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 6:51:43 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/4/2008 6:34:19 AM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 2:18:22 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 9:16:15 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/22/2008 5:49:06 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/17/2009 6:35:28 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/20/2011 9:52:38 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/20/2011 9:52:38 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/20/2011 9:57:27 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/20/2011 9:57:57 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/20/2011 8:28:24 PM | Computer Name = Bruce-PC | Source = Print | ID = 6161
Description = The document 3.5 x 5 in. (4), owned by Bruce, failed to print on printer
Dell V305. Try to print the document again, or restart the print spooler. Data
type: LEMF. Size of the spool file in bytes: 9360742. Number of bytes printed: 9360742.
Total number of pages in the document: 1. Number of pages printed: 0. Client computer:
\\BRUCE-PC. Win32 error code returned by the print processor: 0. The operation
completed successfully.

Error - 12/21/2011 7:46:47 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/21/2011 7:46:47 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/21/2011 7:46:47 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/21/2011 7:49:05 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/21/2011 7:49:35 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

Bruce C
2011-12-22, 03:13
Results of screen317's Security Check version 0.99.30
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java(TM) SE Runtime Environment 6
Adobe Reader 8 Adobe Reader out of date!
Adobe Reader X KB403742.. Adobe Reader out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
``````````End of Log````````````

Bruce C
2011-12-22, 03:18
1. No problems carrying out instructions
2. This computer is not used for business. Home based personal computer.
3. , 4. and 5 have been posted in previous replies.
6. We have the operating system and other discs that were already installed in the PC

Scolabar
2011-12-23, 13:53
Hi Bruce C,

Thank you again for your patience. :)

Please confirm whether or not you are aware of having installed the program GoToAssist. If so, for what purpose was the program installed?

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Create System Restore Point

First we need to make sure we have a back up of the Registry to return to if we need it:

Select Start > Control Panel then double-click on the System icon in the Control Panel.
In the left-hand pane click on the System Protection option.
When the Dialog comes up, click on the System Protection tab.
Check that the drive letter where Windows is located (usually C: drive) indicates System protection ON.
(This indicates System restore is turned ON for the Windows drive).
Click on the Create button to create a new restore point. In the Name dialog, type a descriptive name and then click on the Create button.
You will get a message that the Restore Point was created successfully. Click on the Close button.
Click on the OK button and close the System window in the Control Panel.
< STOP > If you did not successfully complete this step. < STOP > Do not continue with any other steps, post back and let me know!

Step 2:
Uninstall Programs

Registry Cleaners Advisory

I notice that the Uniblue RegistryBooster Registry Cleaner is installed on this computer.

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on regcleaners

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference.
If it doesn't work properly you may end up with an expensive doorstop.
http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html
http://forums.whatthetech.com/Regcleaner_t42862.html

In addition, I would also recommend the uninstallation of Paretologic File Cure.
The company Paretologic also produces a Registry Cleaner as well as other products classed as spyware and therefore, by association, Paretologic File Cure cannot be trusted or recommended.

Ultimately, the decision whether or not to remove both of these programs is yours. However, steering clear of such products in future will reduce your exposure to potential malware threats.

Please follow the instructions below to remove these and other unwanted programs:

Select Start > Control Panel > Programs > Programs and Features.
Under the Programs heading, click on Uninstall a program.
Scroll down the list of installed programs and locate the following program:


AOL Install
Paretologic File Cure <-- Opional Removal - see reasons provided above
Uniblue RegistryBooster <-- Opional Removal - see reasons provided above

Right-click on Uninstall to uninstall it.
Repeat steps 3 - 4 for each program in the list.
When finished Close the Control Panel window.
Restart the computer to complete removal of the program.
Step 3:
Download Custom Script

Right-click on This Link (http://downloads.malwareremoval.com/SQW7-Vista_x64.TXT) and select Save target as... or Save Link as... option ...
Save as the filename: Fix.txt to your Desktop. <-- IMPORTANT
Step 4:
OTL - Custom Fix

We now need to run a custom OTL fix.

Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan. Refer to This Howto Topic (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html), if necessary.

Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Click on the Run Fix button at the top of the program window.
You will see a pop-up dialog reporting "No fix has been provided. Click OK to load from a file or Cancel". Click on the OK button to continue.
When the Open dialog appears, Navigate to your Desktop, scroll down to and select the file named Fix.txt and then click on the Open button.
Some text will appear in the Custom scans/Fixes box.
Click on the Run Fix button.
Note: Please let the program run unhindered until it has finished.
Reboot the PC when it is done.
Once the computer has restarted and you have logged back into your usual account, a text file named OTL.txt will automatically open in Notepad. This file will be located on your Desktop.
Please Copy and Paste the entire contents of OTL.txt into your next reply.
Step 5:
SystemLook

Please download SystemLook.exe (http://jpshortstuff.247fixes.com/SystemLook_.exe) by jpshortstuff and save it to your Desktop.
Alternate download site (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe).
Right-click on SystemLook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Copy and Paste the text in the code box below into SystemLook's main text entry window:

:filefind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:folderfind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:Regfind
Fun4IM
Bandoo
Searchqu
iLivid
whitesmoke
datamngr
kelkoopartners
trolltech
Click on the Look button to start the scan.
Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
A log file will be created on your Desktop named SystemLook.txt.
Please post the contents of the SystemLook.txt file in your next reply.
Step 6:
Include in Next Post

Did you have any problems carrying out the instructions?
Are you aware of having installed the program GoToAssist? If so, for what purpose was the program installed?
OTL.txt.
SystemLook.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Bruce C
2011-12-24, 17:36
I will follow the instructions as soon as I can get an assist from my wife.
As for the Uniblue Registry , I don't know how I got it and have been trying to get rid of it for months. As for the Go to assist and Paretologic file Cure ,I don't know where they came from and will gladly get rid of them as well as any other sugestions you may have .Thank you for all your help so far and as soon as I take the next step I''ll post it. Thanks again , Bruce

Scolabar
2011-12-24, 18:57
Hi Bruce C,

Thank you for the update. I'll wait to hear from you.
In the meantime, I wish you a Merry Xmas. :santa:

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Bruce C
2011-12-26, 22:30
All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\searchqutoolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu 406 MediaBar\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\menuorder\start menu2\programs\bandoo\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\DataMngr_Toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\ilivid\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\searchqutoolbar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Bandoo\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\BandooCore.EXE\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1301A8A5-3DFB-4731-A162-B357D00C9644}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.BandooCore\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.ResourcesMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.SettingsMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr.1\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BandooCore.StatisticMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4ca8-A185-8FF989AF1115}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B543EF05-9758-464E-9F37-4C28525B4A4C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB76A90B-2B4C-4378-8506-9A2B6E16943C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C3AB94A4-BFD0-4BBA-A331-DE504F07D2DB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{477F210A-2A86-4666-9C4B-1189634D2C84}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF871E51-2655-4D06-AED5-745962A96B32}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8F5F1CB6-EA9E-40AF-A5CA-C7FD63CC1971\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7f000001-db8e-f89c-2fec-49bf726f8c12}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9189560-573A-4fde-B055-AE7B0F4CF080}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBD6D47-F5E5-49E4-8157-8BCFF11F3CC3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ilivid.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\SetupDataMngr_searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu 406 MediaBar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\SearchquMediabarTb\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27f69c85-64e1-43ce-98b5-3c9f22fb408e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b543ef05-9758-464e-9f37-4c28525b4a4c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{8f5f1cb6-ea9e-40af-a5ca-c7fd63cc1971}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\microsoft\windows\currentversion\app management\arpcache\searchqu 406 mediabar\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{a40dc6c5-79d0-4ca8-a185-8ff989af1115}\inprocserver32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{cc1ac828-bb47-4361-afb5-96eee259dd87}\inprocserver32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\clsid\{fefd3af5-a346-4451-aa23-a3ad54915515}\inprocserver32\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{5b4144e1-b61d-495a-9a50-cd1a95d86d15}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{6a4bcaba-c437-4c76-a54e-af31b8a76cb9}\1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\typelib\{841d5a49-e48d-413c-9c28-eb3d9081d705}\1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\internet explorer\low rights\elevationpolicy\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d0a4be92-2216-42db-ab35-d72efb9f0176}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\shared tools\msconfig\startupreg\datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchqu.com\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E1E743B1-DFF5-4DCF-8CD5-9AAFD552B290}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{3B0118C8-8D12-46CD-A083-2116D587A11F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3B0118C8-8D12-46CD-A083-2116D587A11F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C39DB3DF-7935-4821-9BD7-170D277DA935} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39DB3DF-7935-4821-9BD7-170D277DA935}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6B2163BE-A595-4E6E-AAF0-E22A29D38262} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6B2163BE-A595-4E6E-AAF0-E22A29D38262}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A49227EB-05C7-449A-9BB6-18F653936F32} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A49227EB-05C7-449A-9BB6-18F653936F32}\ not found.
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E!
Unable to set value : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\\@|"ISearchQueryHelper" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}\ProxyStubClsid32\\@|"{B056521A-9B10-425E-B616-1FCD828DB3B1}" /E : value set successfully!
========== FILES ==========
File/Folder C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\SearchquWebSearch.xml not found.
File/Folder C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\searchqutoolbar not found.
File/Folder C:\Users\Bruce\AppData\Roaming\Mozilla\Firefox\Profiles\{99079a25-328f-4bd4-be04-00955acaa0a7} not found.
File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\*@sweetim[1].txt not found.
File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[1].txt not found.
File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@ilivid[2].txt not found.
File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[1].txt not found.
File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@searchqu[2].txt not found.
File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@stats.ilivid[1].txt not found.
File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@sweetim[1].txt not found.
File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[2].txt not found.
File/Folder C:\Users\Bruce\AppData\Roaming\Microsoft\Windows\Cookies\Low\*@www.sweetim[3].txt not found.
C:\Users\Bruce\AppData\Local\Ilivid Player folder moved successfully.
File/Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\iLividSetupV1.exe not found.
File/Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ilivid[1].7z not found.
File/Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SetupDataMngr_Searchqu[1].exe not found.
File/Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SweetImSetup.exe not found.
File/Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BandooV6[1].exe not found.
File/Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\searchqu_net[1].htm not found.
File/Folder C:\Users\Bruce\AppData\Local\Temp\BandooFiles not found.
File/Folder C:\Users\Bruce\AppData\Local\Temp\BandooV6.exe not found.
File/Folder C:\Users\Bruce\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File/Folder C:\Users\Bruce\AppData\Local\Temp\SweetIMReinstall not found.
File/Folder C:\Users\Bruce\AppData\Local\Temp\SweetIMReinstall\SweetImSetup.exe not found.
File/Folder C:\Users\Bruce\AppData\Local\Temp\ilivid.7z not found.
File/Folder C:\Users\Bruce\AppData\Local\Temp\searchqu.ini not found.
File/Folder C:\Users\Bruce\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
C:\Users\Bruce\AppData\LocalLow\searchquband folder moved successfully.
C:\Users\Bruce\AppData\LocalLow\searchqutoolbar\weather folder moved successfully.
C:\Users\Bruce\AppData\LocalLow\searchqutoolbar folder moved successfully.
File/Folder C:\Users\Bruce\Downloads\SweetImSetup.exe not found.
File/Folder C:\Users\Bruce\Downloads\iLividSetupV1.exe not found.
C:\Users\Bruce\AppData\LocalLow\DataMngr folder moved successfully.
File/Folder C:\Users\Bruce\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\3AJVC1WF\www.ilivid[1].xml not found.
File/Folder C:\Users\Bruce\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\TYBUQFS4\www.searchqu[1].xml not found.
File\Folder C:\Windows\Prefetch\SEARCHQU TOOLBAR UNINSTALL.EX-4EFDDDEA.pf not found.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr folder moved successfully.
C:\Program Files\Windows iLivid Toolbar folder moved successfully.
C:\Program Files\iLivid\VLC\skins\fonts folder moved successfully.
C:\Program Files\iLivid\VLC\skins folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\lib\pkgconfig folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\lib folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\include\vlc\plugins folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\include\vlc folder moved successfully.
C:\Program Files\iLivid\VLC\sdk\include folder moved successfully.
C:\Program Files\iLivid\VLC\sdk folder moved successfully.
C:\Program Files\iLivid\VLC\plugins folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu\default\volume folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu\default\selection folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu\default\selected folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu\default folder moved successfully.
C:\Program Files\iLivid\VLC\osdmenu folder moved successfully.
C:\Program Files\iLivid\VLC\NSIS folder moved successfully.
C:\Program Files\iLivid\VLC\mozilla folder moved successfully.
C:\Program Files\iLivid\VLC\lua\sd folder moved successfully.
C:\Program Files\iLivid\VLC\lua\playlist folder moved successfully.
C:\Program Files\iLivid\VLC\lua\modules folder moved successfully.
C:\Program Files\iLivid\VLC\lua\meta\reader folder moved successfully.
C:\Program Files\iLivid\VLC\lua\meta\fetcher folder moved successfully.
C:\Program Files\iLivid\VLC\lua\meta\art folder moved successfully.
C:\Program Files\iLivid\VLC\lua\meta folder moved successfully.
C:\Program Files\iLivid\VLC\lua\intf\modules folder moved successfully.
C:\Program Files\iLivid\VLC\lua\intf folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http\requests folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http\js folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http\images folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http\dialogs folder moved successfully.
C:\Program Files\iLivid\VLC\lua\http folder moved successfully.
C:\Program Files\iLivid\VLC\lua\extensions folder moved successfully.
C:\Program Files\iLivid\VLC\lua folder moved successfully.
C:\Program Files\iLivid\VLC\locale\zu\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\zu folder moved successfully.
C:\Program Files\iLivid\VLC\locale\zh_TW\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\zh_TW folder moved successfully.
C:\Program Files\iLivid\VLC\locale\zh_CN\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\zh_CN folder moved successfully.
C:\Program Files\iLivid\VLC\locale\wa\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\wa folder moved successfully.
C:\Program Files\iLivid\VLC\locale\vi\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\vi folder moved successfully.
C:\Program Files\iLivid\VLC\locale\uk\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\uk folder moved successfully.
C:\Program Files\iLivid\VLC\locale\tr\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\tr folder moved successfully.
C:\Program Files\iLivid\VLC\locale\tl\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\tl folder moved successfully.
C:\Program Files\iLivid\VLC\locale\th\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\th folder moved successfully.
C:\Program Files\iLivid\VLC\locale\tet\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\tet folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ta\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ta folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sv\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sv folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sr\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sr folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sq\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sq folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sl\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sl folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sk\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\sk folder moved successfully.
C:\Program Files\iLivid\VLC\locale\si\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\si folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ru\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ru folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ro\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ro folder moved successfully.
C:\Program Files\iLivid\VLC\locale\qt4 folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pt_PT\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pt_PT folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pt_BR\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pt_BR folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ps\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ps folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pl\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pl folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pa\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\pa folder moved successfully.
C:\Program Files\iLivid\VLC\locale\oc\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\oc folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nn\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nn folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nl\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nl folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ne\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ne folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nb\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\nb folder moved successfully.
C:\Program Files\iLivid\VLC\locale\my\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\my folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ms\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ms folder moved successfully.
C:\Program Files\iLivid\VLC\locale\mn\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\mn folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ml\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ml folder moved successfully.
C:\Program Files\iLivid\VLC\locale\mk\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\mk folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lv\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lv folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lt\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lt folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lg\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\lg folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ko\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ko folder moved successfully.
C:\Program Files\iLivid\VLC\locale\km\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\km folder moved successfully.
C:\Program Files\iLivid\VLC\locale\kk\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\kk folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ka\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ka folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ja\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ja folder moved successfully.
C:\Program Files\iLivid\VLC\locale\it\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\it folder moved successfully.
C:\Program Files\iLivid\VLC\locale\is\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\is folder moved successfully.
C:\Program Files\iLivid\VLC\locale\id\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\id folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hy\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hy folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hu\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hu folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hr\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hr folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hi\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\hi folder moved successfully.
C:\Program Files\iLivid\VLC\locale\he\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\he folder moved successfully.
C:\Program Files\iLivid\VLC\locale\gl\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\gl folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ga\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ga folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fur\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fur folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fr\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fr folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fi\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fi folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ff\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ff folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fa\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\fa folder moved successfully.
C:\Program Files\iLivid\VLC\locale\eu\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\eu folder moved successfully.
C:\Program Files\iLivid\VLC\locale\et\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\et folder moved successfully.
C:\Program Files\iLivid\VLC\locale\es\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\es folder moved successfully.
C:\Program Files\iLivid\VLC\locale\en_GB\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\en_GB folder moved successfully.
C:\Program Files\iLivid\VLC\locale\el\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\el folder moved successfully.
C:\Program Files\iLivid\VLC\locale\de\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\de folder moved successfully.
C:\Program Files\iLivid\VLC\locale\da\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\da folder moved successfully.
C:\Program Files\iLivid\VLC\locale\cs\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\cs folder moved successfully.
C:\Program Files\iLivid\VLC\locale\co\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\co folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ckb\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ckb folder moved successfully.
C:\Program Files\iLivid\VLC\locale\cgg\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\cgg folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ca\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ca folder moved successfully.
C:\Program Files\iLivid\VLC\locale\br\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\br folder moved successfully.
C:\Program Files\iLivid\VLC\locale\bn\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\bn folder moved successfully.
C:\Program Files\iLivid\VLC\locale\bg\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\bg folder moved successfully.
C:\Program Files\iLivid\VLC\locale\be\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\be folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ast\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ast folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ar\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ar folder moved successfully.
C:\Program Files\iLivid\VLC\locale\am\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\am folder moved successfully.
C:\Program Files\iLivid\VLC\locale\af\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\af folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ach\LC_MESSAGES folder moved successfully.
C:\Program Files\iLivid\VLC\locale\ach folder moved successfully.
C:\Program Files\iLivid\VLC\locale folder moved successfully.
C:\Program Files\iLivid\VLC\languages folder moved successfully.
C:\Program Files\iLivid\VLC\http\requests folder moved successfully.
C:\Program Files\iLivid\VLC\http\js folder moved successfully.
C:\Program Files\iLivid\VLC\http\images folder moved successfully.
C:\Program Files\iLivid\VLC\http\dialogs folder moved successfully.
C:\Program Files\iLivid\VLC\http folder moved successfully.
C:\Program Files\iLivid\VLC\activex folder moved successfully.
C:\Program Files\iLivid\VLC folder moved successfully.
C:\Program Files\iLivid\imageformats folder moved successfully.
C:\Program Files\iLivid folder moved successfully.
File\Folder C:\Windows\Prefetch\ILIVID* not found.
File\Folder C:\Windows\Prefetch\SEARCHQUMEDIABAR* not found.
File\Folder C:\Windows\Prefetch\SETUPDATAMNGR* not found.
File\Folder C:\Program Files (x86)\iLivid not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bruce
->Temp folder emptied: 5024998 bytes
->Temporary Internet Files folder emptied: 196604400 bytes
->Java cache emptied: 9348403 bytes
->Flash cache emptied: 3003 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2358989 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 1675677896 bytes

Total Files Cleaned = 1,802.00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 12262011_150845

Files\Folders moved on Reboot...
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF78E8.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF78F6.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA8A1.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA8A8.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFB93.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFBA1.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFC28.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFC37.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFCCE.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFD5A.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFFEA.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFFFF7.tmp not found!
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPLDSNCD\4651[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPLDSNCD\4651[2].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPLDSNCD\ads[4].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPLDSNCD\api[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPLDSNCD\likebox[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\ads[6].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\ads[7].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\ads[8].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\api[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\documentwrite[1].js moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\external-link[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\iframe[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\index[2].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\showthread[4].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\showthread[5].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OWE9VR05\sl1[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OGK4RC21\companions[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GGUXWUZQ\ads[7].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GGUXWUZQ\ads[8].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GGUXWUZQ\al[1].js moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GGUXWUZQ\context[1].js moved successfully.
File\Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AS0KFQYC\shm[1].htm not found!
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\AS0KFQYC\visit[1].js moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZYMBPWB\ads[5].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZYMBPWB\ads[6].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZYMBPWB\how-to-disable-your-security-applications-490111[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZYMBPWB\index[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\9ZYMBPWB\track[1].htm moved successfully.
File\Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\80XCFXVW\300x250[1].htm not found!
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\80XCFXVW\api[1].htm moved successfully.
File\Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\80XCFXVW\FbQh4mPQAAAABO-NPlAAAi9AAAP4kAOq9zAAA_hABqaHddefmPqQ[1].htm not found!
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\80XCFXVW\VFAAAABhAnAAC4ugAAPdUBAPTT-E64ugAAT0dOOQ==![1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
File\Folder C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\flaDAFE.tmp not found!
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{0B8EE49B-43F5-4921-82B4-F9FCD51ECDD5}.tmp moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9F71C5D5-C60F-4CC3-87EF-8B885FEABDD2}.tmp moved successfully.

Registry entries deleted on Reboot...

Bruce C
2011-12-26, 22:57
SystemLook 30.07.11 by jpshortstuff
Log created at 15:39 on 26/12/2011 by Bruce
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [13:37 31/10/2011] [13:37 31/10/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [13:37 31/10/2011] [13:37 31/10/2011] AD14E447F7CED4CA987B91B379EAF952

Searching for "*iLivid*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 844 bytes [15:52 12/12/2011] [15:52 12/12/2011] BB2864E331DB1BA31D424C2571333C6E
C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.dat --a--c- 225 bytes [15:52 12/12/2011] [15:52 12/12/2011] 28707D5C41928D3463F7379C09AEF8AD
C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe --a--c- 3002188 bytes [15:52 12/12/2011] [10:22 06/12/2011] 190C64038FC1B7F407C9440970796660
C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.lnk --a--c- 0 bytes [15:52 12/12/2011] [15:52 12/12/2011] D41D8CD98F00B204E9800998ECF8427E
C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.msi --a--c- 290816 bytes [15:52 12/12/2011] [10:22 06/12/2011] 124EA05DAF45A65251AE088E794FCC6A
C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.par --a--c- 1493 bytes [15:52 12/12/2011] [15:52 12/12/2011] 545DE9BE9EF6B67297A5CC14E3C900A4
C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.res --a--c- 2459440 bytes [15:52 12/12/2011] [10:22 06/12/2011] 0F1F6441CD4452A373C49CF6CC22BBB4
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 844 bytes [15:52 12/12/2011] [15:52 12/12/2011] BB2864E331DB1BA31D424C2571333C6E
C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.dat --a--c- 225 bytes [15:52 12/12/2011] [15:52 12/12/2011] 28707D5C41928D3463F7379C09AEF8AD
C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe --a--c- 3002188 bytes [15:52 12/12/2011] [10:22 06/12/2011] 190C64038FC1B7F407C9440970796660
C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.lnk --a--c- 0 bytes [15:52 12/12/2011] [15:52 12/12/2011] D41D8CD98F00B204E9800998ECF8427E
C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.msi --a--c- 290816 bytes [15:52 12/12/2011] [10:22 06/12/2011] 124EA05DAF45A65251AE088E794FCC6A
C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.par --a--c- 1493 bytes [15:52 12/12/2011] [15:52 12/12/2011] 545DE9BE9EF6B67297A5CC14E3C900A4
C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.res --a--c- 2459440 bytes [15:52 12/12/2011] [10:22 06/12/2011] 0F1F6441CD4452A373C49CF6CC22BBB4
C:\Users\Public\Desktop\iLivid Download Manager.lnk --a---- 826 bytes [15:52 12/12/2011] [15:52 12/12/2011] 84CD79C2BEC432B29CC4FDC24B5CE7B1
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\iLivid\ilivid.exe --a---- 2033152 bytes [15:52 12/12/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\iLivid\ilivid.ico --a---- 9662 bytes [15:52 12/12/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [15:52 12/12/2011] [10:17 06/12/2011] A66079777083006EA2EB658205FA2780
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [15:52 12/12/2011] [10:17 06/12/2011] D8B3EB0A5B5FDBC1609E4E2B66CE3F93

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\LocalLow\searchquband d------ [15:53 12/12/2011]
C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\LocalLow\searchqutoolbar d------ [15:52 12/12/2011]

Searching for "*iLivid*"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid d------ [15:52 12/12/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid d------ [15:52 12/12/2011]
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\iLivid d------ [15:52 12/12/2011]
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar d------ [15:52 12/12/2011]
C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\Local\Ilivid Player d------ [15:53 12/12/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [15:52 12/12/2011]
C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\LocalLow\DataMngr d------ [15:53 12/12/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"Publisher"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"Publisher"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"Contact"="Bandoo Media Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
"Contact"="Bandoo Media, Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
"Publisher"="Bandoo Media, Inc"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"Publisher"="Bandoo Media Inc."

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
"@"="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
"@"="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar]

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe"="iLivid Installation "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe"="iLivid Installation "
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\iLivid\ilivid.exe"="ilivid.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
@="URL:ilivid Player"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\shell\open\command]
@=""C:\Program Files\iLivid\ilivid.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
"ProductName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\SourceList]
"PackageName"="iLividSetupV1.msi"
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player]
"installpath"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player]
"player_path"="C:\Program Files\iLivid\VLC\vlc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\player\hosts\ilivid.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\817FDB46B46DE8B4AAD499F1DAFF341D]
"2B1E51D87B2D71A44BB42DDD5E894160"="01:\Software\ilivid\general\ReferrerID"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A9327D31011C244A196F700637C701]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\Program Files\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6B84CEB2810F104BA0E5FC5C8EACD7E]
"2B1E51D87B2D71A44BB42DDD5E894160"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"InstallLocation"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\InstallProperties]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"DisplayIcon"="C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"UninstallString"=""C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe" REMOVE=TRUE MODIFY=FALSE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"ModifyPath"="C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"HelpLink"="http://www.ilivid.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"URLUpdateInfo"="http://www.ilivid.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
"InstallLocation"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
"DisplayName"="Windows iLivid Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
"UninstallString"="C:\Program Files\Windows iLivid Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
"DisplayIcon"="C:\Program Files\Windows iLivid Toolbar\uninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
"Path"="C:\Program Files\Windows iLivid Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"InstallLocation"="C:\Program Files\iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"DisplayName"="iLivid"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
"UninstallString"="C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BFCDC973-B85D-4568-B17B-0A367E15011A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BFCDC973-B85D-4568-B17B-0A367E15011A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BFCDC973-B85D-4568-B17B-0A367E15011A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
[HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\iLivid\ilivid.exe"="ilivid.exe"
[HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe"="iLivid Installation "
[HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files\iLivid\ilivid.exe"="ilivid.exe"

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}]
@="DataMngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\InprocServer32]
@="C:\PROGRA~1\WI371A~1\Datamngr\BROWSE~1.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E6A6D16-F99D-4C47-BB7E-BAD5708FCC25}]
"AppPath"="C:\PROGRA~1\WI371A~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"="C:\PROGRA~1\WI371A~1\Datamngr\DATAMN~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BFCDC973-B85D-4568-B17B-0A367E15011A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BFCDC973-B85D-4568-B17B-0A367E15011A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BFCDC973-B85D-4568-B17B-0A367E15011A}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Private|App=C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\dtUser.exe|Name=DTX broker|Edge=FALSE|"

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-

Bruce C
2011-12-26, 23:18
1. No problem with instructions
Hoever, we did not disableAnti-virus, Step 4, as we were not sure that it was real time protection
2. I do not believe that we created GoToAssist
3. and 4. We were able to download these.
Thank you for your help
Bruce

Scolabar
2011-12-27, 21:56
Hi Bruce C,

Thank you for the logs and update. I hope you enjoyed your Xmas Day and Boxing Day festivities. :santa:

Please confirm whether or not you were able to uninstall the following programs without any problems:

AOL Install
Paretologic File Cure
Uniblue RegistryBooster
Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Create System Restore Point

We will be making changes to the Registry again. Please create another System Restore Point following the instructions for Step 1 in my previous post before continuing any further.

Step 2:
Uninstall Programs

If you haven't already done so, please remove the following programs as instructed below:

Select Start > Control Panel > Programs > Programs and Features.
Under the Programs heading, click on Uninstall a program.
Scroll down the list of installed programs and locate the following program:

AOL Install
GoToAssist 8.0.0.514
Paretologic File Cure
Uniblue RegistryBooster
Right-click on Uninstall to uninstall it.
Repeat steps 3 - 4 for each program in the list.
When finished Close the Control Panel window.
Restart the computer to complete removal of the program.
Please confirm that the programs have been successfully removed in your next post.
Step 3:
OTL - Script

Next we need to run another OTL script.

**IMPORTANT** Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan as follows:


Temporarily Disable Norton 360 Realtime Protection:
Right-click the Norton icon on your Windows application tray.
View the Norton 360 Control Panel that displays. You will see the Firewall enabled and Auto Protect enabled menu options checked.
Un-check the Firewall and Autoprotect options to temporarily disable Norton.
You will then be asked to select a time-frame for disabling the automatic protective services
You will get a new dialog box with five options: 15 minutes, 1 hour, 5 hours, Until System Restart, Permanently.
Choose Until System Restart and then save the changes.
Note: If you choose forever, you will need to manually enable Norton 360 protective services at a future time.

Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Copy and Paste the following code into the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png textbox. Do not include the word Code.

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar]
[-HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe"=-
"C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe"=-
"C:\Program Files\iLivid\ilivid.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160]
[-HKEY_LOCAL_MACHINE\SOFTWARE\ilivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\817FDB46B46DE8B4AAD499F1DAFF341D]
"2B1E51D87B2D71A44BB42DDD5E894160"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A9327D31011C244A196F700637C701]
"2B1E51D87B2D71A44BB42DDD5E894160"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6B84CEB2810F104BA0E5FC5C8EACD7E]
"2B1E51D87B2D71A44BB42DDD5E894160"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"=-
"{BFCDC973-B85D-4568-B17B-0A367E15011A}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"=-
"{BFCDC973-B85D-4568-B17B-0A367E15011A}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"="-
"{BFCDC973-B85D-4568-B17B-0A367E15011A}"=-
[-HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
[HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe"=-
"C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe"=-
"C:\Program Files\iLivid\ilivid.exe"=-
[HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe"=-
"C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe"=-
"C:\Program Files\iLivid\ilivid.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E6A6D16-F99D-4C47-BB7E-BAD5708FCC25}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DATAMNGR"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"=-
"{BFCDC973-B85D-4568-B17B-0A367E15011A}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"=-
"{BFCDC973-B85D-4568-B17B-0A367E15011A}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"=-
"{BFCDC973-B85D-4568-B17B-0A367E15011A}"=-

:files
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk
C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk
C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318}
C:\Users\Public\Desktop\iLivid Download Manager.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid
C:\Program Files\iLivid
C:\Program Files\Windows iLivid Toolbar
ipconfig /flushdns /c

:commands
[emptytemp]
[resethosts]
Then click the Run Fix button at the top.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/btnOK.png.
OTL should ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.
Please Copy and Paste the contents of that report into your next reply.
Step 4:
SystemLook

We need to run another check to make sure nothing is left over. ;)

Please download SystemLook.exe (http://jpshortstuff.247fixes.com/SystemLook_.exe) by jpshortstuff and save it to your Desktop.
Alternate download site (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe).
Right-click on SystemLook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Copy and Paste the text in the code box below into SystemLook's main text entry window:

:filefind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:folderfind
*Fun4IM*
*Bandoo*
*Searchqu*
*iLivid*
*whitesmoke*
*datamngr*
*trolltech*

:Regfind
Fun4IM
Bandoo
Searchqu
iLivid
whitesmoke
datamngr
kelkoopartners
trolltech
Click on the Look button to start the scan.
Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
A log file will be created on your Desktop named SystemLook.txt.
Please post the contents of the SystemLook.txt file in your next reply.
Step 5:
Include in Next Post

Did you have any problems carrying out the instructions?
Have all the following programs been successfully uninstalled?

AOL Install
GoToAssist 8.0.0.514
Paretologic File Cure
Uniblue RegistryBooster
OTL.txt.
SystemLook.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Bruce C
2011-12-28, 04:29
Step 5 ,1. No problems
2.;AOL Install, Go to Assist 8.0.0514,Paretologic File cure and Uniblue Reg. Booster all successfully uninstalled.
3.OTL.txt , done
4. System Look ,txt. done
SystemLook 30.07.11 by jpshortstuff
Log created at 20:56 on 27/12/2011 by Bruce
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\bandoocode.js --a---- 27324 bytes [13:37 31/10/2011] [13:37 31/10/2011] C4F2571481A116A0C24C9644F0E4B4F5
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib\bandoocode.js --a---- 33963 bytes [13:37 31/10/2011] [13:37 31/10/2011] 11363D5ADC24F5BBC44C678BE8A29FCC
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\bandoo.css --a---- 8308 bytes [13:37 31/10/2011] [13:37 31/10/2011] D98167EFDC45E8EC6F4769791A15CE36

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchquband.dll --a---- 449424 bytes [13:37 31/10/2011] [13:37 31/10/2011] 39ECB144372B2ED7B1B91A1E63D3F275
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll --a---- 88976 bytes [13:37 31/10/2011] [13:37 31/10/2011] AD14E447F7CED4CA987B91B379EAF952

Searching for "*iLivid*"
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\iLivid\ilivid.exe --a---- 2033152 bytes [15:52 12/12/2011] [14:20 05/08/2011] A485B5376A7BD86E17DA042A64EE3E86
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\iLivid\ilivid.ico --a---- 9662 bytes [15:52 12/12/2011] [09:41 04/11/2009] D64C36521A1839B54788D7D0A82DAF08
C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk --a---- 844 bytes [15:52 12/12/2011] [15:52 12/12/2011] BB2864E331DB1BA31D424C2571333C6E
C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.dat --a--c- 225 bytes [15:52 12/12/2011] [15:52 12/12/2011] 28707D5C41928D3463F7379C09AEF8AD
C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.exe --a--c- 3002188 bytes [15:52 12/12/2011] [10:22 06/12/2011] 190C64038FC1B7F407C9440970796660
C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.lnk --a--c- 0 bytes [15:52 12/12/2011] [15:52 12/12/2011] D41D8CD98F00B204E9800998ECF8427E
C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.msi --a--c- 290816 bytes [15:52 12/12/2011] [10:22 06/12/2011] 124EA05DAF45A65251AE088E794FCC6A
C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.par --a--c- 1493 bytes [15:52 12/12/2011] [15:52 12/12/2011] 545DE9BE9EF6B67297A5CC14E3C900A4
C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}\iLividSetupV1.res --a--c- 2459440 bytes [15:52 12/12/2011] [10:22 06/12/2011] 0F1F6441CD4452A373C49CF6CC22BBB4
C:\_OTL\MovedFiles\12272011_185541\C_Users\Public\Desktop\iLivid Download Manager.lnk --a---- 826 bytes [15:52 12/12/2011] [15:52 12/12/2011] 84CD79C2BEC432B29CC4FDC24B5CE7B1

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll --a---- 1236368 bytes [15:52 12/12/2011] [10:17 06/12/2011] A66079777083006EA2EB658205FA2780
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe --a---- 1694608 bytes [15:52 12/12/2011] [10:17 06/12/2011] D8B3EB0A5B5FDBC1609E4E2B66CE3F93

Searching for "*trolltech*"
No files found.

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\LocalLow\searchquband d------ [15:53 12/12/2011]
C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\LocalLow\searchqutoolbar d------ [15:52 12/12/2011]

Searching for "*iLivid*"
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\iLivid d------ [15:52 12/12/2011]
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar d------ [15:52 12/12/2011]
C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\Local\Ilivid Player d------ [15:53 12/12/2011]
C:\_OTL\MovedFiles\12272011_185541\C_ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid d------ [15:52 12/12/2011]

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr d------ [15:52 12/12/2011]
C:\_OTL\MovedFiles\12262011_150845\C_Users\Bruce\AppData\LocalLow\DataMngr d------ [15:53 12/12/2011]

Searching for "*trolltech*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
"@"="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
"@"="ISearchQueryHelper"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
No data found.

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
No data found.

-= EOF =-



OTL logfile created on: 12/21/2011 7:45:35 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bruce\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 42.84% Memory free
4.11 Gb Paging File | 2.61 Gb Available in Paging File | 63.66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 108.17 Gb Free Space | 48.55% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 19:42:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
PRC - [2011/12/06 05:17:56 | 001,694,608 | ---- | M] (Bandoo Media, inc) -- C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe
PRC - [2011/11/15 06:40:23 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/12 12:49:09 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2011/01/05 20:21:00 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010/10/12 12:21:30 | 001,693,464 | ---- | M] (ParetoLogic) -- C:\Program Files\ParetoLogic\FileCure\FileCure.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/18 23:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2009/02/18 23:30:36 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\LBTWiz.exe
PRC - [2009/02/18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
PRC - [2009/02/18 23:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/11/19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/31 08:37:30 | 000,088,976 | ---- | M] () -- C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll
MOD - [2011/10/14 14:51:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 20:38:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 20:38:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 20:37:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 20:37:27 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll
MOD - [2011/10/13 20:37:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 20:37:19 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/13 20:36:54 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/13 20:36:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/13 20:36:25 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 20:35:05 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/23 07:33:30 | 000,047,616 | ---- | M] () -- C:\Program Files\Uniblue\RegistryBooster\cache.dll
MOD - [2010/08/14 10:58:52 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2009/02/18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/08/24 18:23:27 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2008/02/25 15:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/03 08:35:04 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111221.019\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/03 08:35:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/03 08:35:04 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111221.019\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/14 14:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 05:53:45 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/15 14:18:40 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/14 21:43:08 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111220.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/12/18 22:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 22:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFVsp.sys -- (GzOFVsp)
DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFMdm.sys -- (GzOFMdm)
DRV - [2008/12/16 01:43:48 | 000,033,408 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFBus.sys -- (GzOFBus)
DRV - [2007/05/01 07:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/05/01 07:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/05 03:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/20 14:31:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/12/07 23:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/10/19 04:54:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2011/12/21 06:45:21 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{936F5662-F742-42F8-9394-D480B27297A0}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - File not found
O24 - Desktop WallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/21 19:42:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2011/12/16 07:57:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/16 07:57:35 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/16 07:57:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/16 07:57:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/16 07:57:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/16 07:57:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/15 19:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/15 19:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/15 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/15 10:30:19 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 10:30:18 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 10:30:15 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 10:30:13 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 10:30:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 10:30:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/12 21:07:39 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder (3)
[2011/12/12 10:53:32 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Local\Ilivid Player
[2011/12/12 10:52:37 | 000,000,000 | -H-D | C] -- C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318}
[2011/12/12 10:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid
[2011/12/12 10:52:26 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/12/12 10:52:06 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2011/12/06 18:28:27 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder
[2011/11/29 18:57:04 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder (2)
[2008/09/06 13:06:55 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
[2008/09/06 13:06:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
[2008/09/06 13:06:46 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
[2008/09/06 13:06:44 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
[2008/09/06 13:06:43 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
[2008/09/06 13:06:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
[2008/09/06 13:06:41 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
[2008/09/06 13:06:40 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
[2008/09/06 13:06:37 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldtih.exe
[2008/09/06 13:06:36 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
[2008/09/06 13:06:32 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldtcoms.exe
[2008/09/06 13:06:31 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
[2008/09/06 13:06:31 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
[2008/09/06 13:06:29 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldtcfg.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/21 19:42:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2011/12/21 19:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/21 19:00:03 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
[2011/12/21 18:45:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 18:45:12 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/21 18:00:02 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011/12/21 16:40:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/21 14:00:09 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/21 06:51:34 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/21 06:51:34 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/21 06:48:44 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job
[2011/12/21 06:48:44 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011/12/21 06:45:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/20 22:53:28 | 000,002,714 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/20 17:55:24 | 024,664,064 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/12/20 17:55:23 | 047,326,208 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/12/16 08:17:58 | 000,313,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/15 19:04:55 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/12 10:52:36 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
[2011/12/09 22:08:06 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Bruce.job
[2011/12/05 18:38:18 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/02 08:34:49 | 000,000,000 | ---- | M] () -- C:\Users\Bruce\Documents\ATT00682.jpg
[2011/12/01 15:10:45 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/01 15:10:45 | 000,001,854 | ---- | M] () -- C:\Users\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/01 15:10:01 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/11/29 18:56:44 | 000,144,448 | ---- | M] () -- C:\Users\Bruce\Desktop\100_9973.jpg
[2011/11/29 18:56:44 | 000,139,387 | ---- | M] () -- C:\Users\Bruce\Desktop\101_0126.jpg
[2011/11/29 18:56:44 | 000,081,941 | ---- | M] () -- C:\Users\Bruce\Desktop\101_0641.jpg
[2011/11/27 21:01:06 | 000,145,530 | ---- | M] () -- C:\Users\Bruce\Desktop\100_0524.jpg
[2011/11/23 08:37:27 | 002,043,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/15 19:04:54 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/12 10:52:36 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\iLivid Download Manager.lnk
[2011/12/02 08:34:48 | 000,000,000 | ---- | C] () -- C:\Users\Bruce\Documents\ATT00682.jpg
[2011/11/29 18:56:44 | 000,144,448 | ---- | C] () -- C:\Users\Bruce\Desktop\100_9973.jpg
[2011/11/29 18:56:44 | 000,139,387 | ---- | C] () -- C:\Users\Bruce\Desktop\101_0126.jpg
[2011/11/29 18:56:44 | 000,081,941 | ---- | C] () -- C:\Users\Bruce\Desktop\101_0641.jpg
[2011/11/27 21:01:06 | 000,145,530 | ---- | C] () -- C:\Users\Bruce\Desktop\100_0524.jpg
[2011/05/18 16:59:52 | 000,001,940 | ---- | C] () -- C:\Users\Bruce\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/09/16 18:25:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 18:25:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/17 17:34:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/06 13:08:36 | 000,017,648 | ---- | C] () -- C:\Windows\System32\dldtwupd.exe
[2008/09/06 13:08:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
[2008/09/06 13:07:02 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
[2008/09/06 13:06:45 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
[2008/09/06 13:06:39 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
[2008/09/06 13:06:39 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
[2008/09/06 13:06:38 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
[2008/09/06 13:06:38 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
[2008/09/06 13:06:35 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
[2008/09/06 13:06:33 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
[2008/09/06 13:06:33 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
[2008/09/06 13:06:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
[2008/02/21 19:41:24 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
[2008/02/19 21:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
[2008/01/22 01:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldtcfg.dll
[2007/12/12 20:32:40 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
[2007/11/13 18:13:10 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
[2007/10/13 08:29:19 | 000,033,792 | ---- | C] () -- C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/13 08:21:35 | 000,002,714 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/04/28 13:41:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
[2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,313,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2008/03/30 13:01:26 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Leadertech
[2010/12/10 19:35:37 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\PCDr
[2009/01/29 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Skinux
[2010/08/15 07:12:49 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Tific
[2011/01/05 20:20:57 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Uniblue
[2011/06/12 02:56:52 | 000,000,364 | ---- | M] () -- C:\Windows\Tasks\FileCure Default.job
[2011/12/21 06:48:44 | 000,000,380 | ---- | M] () -- C:\Windows\Tasks\FileCure Startup.job
[2011/12/21 18:00:02 | 000,000,444 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
[2011/04/01 04:43:00 | 000,000,418 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
[2011/12/05 18:38:18 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/21 06:48:44 | 000,000,332 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2011/12/20 22:53:18 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/21 14:00:09 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2010/09/03 20:24:56 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40FFB3E6-5C62-43BA-803E-82D3168ED07A}.job
[2011/12/21 19:00:03 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 804 bytes -> C:\Users\Bruce\Documents\Fwd_ [Fwd_ FW_ S.Y.B.S.T.D.].eml:OECustomProperty

< End of report >
Thank You again for all of your patience and excellent help. Bruce

Scolabar
2011-12-28, 20:34
Hi Bruce C,

Thank you for the logs and feedback. :)

Unfortunately, it looks like you have somehow posted an old OTL scan log instead of the OTL fix log. I'll deal with that in due course. ;)
However, it looks like you must have run the OTL fix as the SystemLook log you posted confirms that the outstanding items uncovered so far appear to have been dealt with. Well done. :bigthumb:

Please stick with me as there is still some work to be done before the computer can be declared clear of malware. ;)

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Create System Restore Point

Please create another System Restore Point following the instructions previously posted before continuing any further.

Step 2:
Malwarebytes' Anti-Malware

Please save any items you have been working on and close any open programs. You may be asked to reboot your machine.

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) and Save to your Desktop.
Right-click on mbam-setup.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Then follow the prompts to install the program.
At the end, be sure to place a checkmark next to the following options:

Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click on the Finish button.
If an update is found, it will download and install the latest version.
Once the program has loaded, select the Perform Quick Scan option and then click on the Scan button.
When the scan is complete, click on OK button.
Then on the Show Results button to view the results.
Check all items except items in the C:\System Volume Information folder and then click on the Remove Selected button.
The System Volume Information items will be taken care of later.
When the removal has been completed, a log report will open in Notepad and you may be prompted to restart your computer. (See Note below).
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Account Name\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Please Copy and Paste the entire contents of mbam-log-date (time).txt into your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either prompt and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 3:
OTL - Scan

Please run another OTL scan as follows:

Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Under Output, ensure that the Standard Output option is selected.
Under the Extra Registry section, select the Use SafeList option.
Click the Scan All Users checkbox.
Note: Please leave the remaining selections on the default settings.
Click the LOP Check and Purity Check checkboxes.
Then click on the Run Scan button in the top left-hand corner of the program window.
When done, two Notepad files will automatically open:
OTL.txt <-- Will be opened, maximized.
Extras.txt <-- Will be minimized on task bar.
Please Copy and Paste the entire contents of both OTL.txt and Extras.txt files into your next reply.
Step 4:
SystemLook

Right-click on SystemLook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Copy and Paste the text in the code box below into SystemLook's main text entry window:

:filefind
12*2011_*.log
Click on the Look button to start the scan.
Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
A log file will be created on your Desktop named SystemLook.txt.
Please Copy and Paste the entire contents of the SystemLook.txt file into your next reply.
Step 5:
Include in Next Post

Did you have any problems carrying out the instructions?
mbam-log-date (time).txt.
OTL.txt.
Extras.txt.
SystemLook.txt.
How is the computer now running?
Have the web browser redirects stopped?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Bruce C
2011-12-29, 03:59
Hi Scolabar ., Thanks for the next step ,but I won't be able to do it until tommorow eve. I'll get back to you then ., Thanks, Bruce

Scolabar
2011-12-29, 15:02
Hi Bruce C,

Thank you for the update. I'll wait to hear from you. ;)

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Bruce C
2011-12-30, 22:34
Hi Scholobar, I tried your inst. on my own but ran into a questionable site regarding Malwarebytes' anti-Malware . . When I thought I finnaly got to the free part they wanted my e-mail ect so they coulld send me the dnld. Sounded fishey? So I stopped there. Thanks , Bruce

Bruce C
2011-12-30, 23:17
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.30.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Bruce :: BRUCE-PC [administrator]

12/30/2011 4:07:30 PM
mbam-log-2011-12-30 (16-07-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176117
Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(

Bruce C
2011-12-31, 03:15
OTL logfile created on: 12/30/2011 7:51:48 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bruce\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 48.11% Memory free
4.11 Gb Paging File | 2.76 Gb Available in Paging File | 67.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 109.66 Gb Free Space | 49.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/21 19:42:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
PRC - [2011/11/15 06:40:23 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/11/12 12:49:09 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/09/06 12:29:20 | 004,259,648 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
PRC - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files\Dell DataSafe Local Backup\SftService.exe
PRC - [2011/08/01 12:56:48 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
PRC - [2010/01/27 08:40:58 | 000,323,584 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/18 23:33:08 | 000,809,488 | ---- | M] (Logitech, Inc.) -- C:\Program Files\SetPoint\SetPoint.exe
PRC - [2009/02/18 23:30:36 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\SetPoint\LBTWiz.exe
PRC - [2009/02/18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
PRC - [2009/02/18 23:28:52 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/11/19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) -- C:\Windows\System32\dldtcoms.exe
PRC - [2007/03/09 11:09:58 | 000,063,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 14:51:46 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/13 20:38:24 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 20:38:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 20:37:54 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 20:37:27 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll
MOD - [2011/10/13 20:37:21 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll
MOD - [2011/10/13 20:37:19 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll
MOD - [2011/10/13 20:36:54 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll
MOD - [2011/10/13 20:36:33 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll
MOD - [2011/10/13 20:36:25 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 20:35:05 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/08/18 10:05:54 | 002,751,808 | ---- | M] () -- C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/08/14 10:58:52 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2010/04/11 08:17:08 | 000,688,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2010/04/11 08:17:08 | 000,143,360 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2010/04/11 08:17:07 | 000,847,872 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
MOD - [2010/04/11 08:17:07 | 000,782,336 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
MOD - [2010/04/11 08:17:07 | 000,528,384 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
MOD - [2010/04/11 08:17:07 | 000,462,848 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
MOD - [2010/04/11 08:17:07 | 000,237,568 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2010/04/11 08:17:07 | 000,155,648 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
MOD - [2010/04/11 08:17:06 | 002,236,416 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
MOD - [2010/04/11 08:17:06 | 001,396,736 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
MOD - [2010/04/11 08:17:06 | 000,868,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
MOD - [2010/04/11 08:17:04 | 000,010,240 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
MOD - [2010/04/11 08:17:03 | 000,090,112 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2010/04/11 08:17:03 | 000,044,544 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2010/04/11 08:17:02 | 000,406,016 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2010/04/11 08:17:02 | 000,129,536 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\kpries40.dll
MOD - [2010/04/11 08:17:02 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2010/04/11 08:17:02 | 000,052,224 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2010/04/11 08:17:01 | 001,564,672 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\areaifdll.dll
MOD - [2010/04/11 08:17:01 | 000,471,040 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2010/04/11 08:17:01 | 000,356,352 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2010/04/11 08:17:01 | 000,264,192 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2010/04/11 08:17:01 | 000,062,464 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2010/04/11 08:17:00 | 000,339,968 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2010/04/11 08:17:00 | 000,315,392 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2010/04/11 08:17:00 | 000,233,984 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2010/04/11 08:17:00 | 000,098,304 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2010/04/11 08:17:00 | 000,084,480 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
MOD - [2010/04/11 08:16:59 | 000,171,520 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2010/04/11 08:16:59 | 000,152,576 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2010/04/11 08:16:58 | 011,503,616 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2010/04/11 08:16:58 | 000,761,856 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESCliWicMDRW.esx
MOD - [2010/04/11 08:16:58 | 000,684,032 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\ESEmail.esx
MOD - [2010/04/11 08:16:57 | 000,077,312 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/08/18 10:05:46 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe -- (N360)
SRV - [2009/02/18 23:30:20 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/11/19 09:47:24 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/10/28 16:42:30 | 000,156,968 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/02/25 15:38:16 | 000,099,568 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\dldtserv.exe -- (dldtCATSCustConnectService)
SRV - [2008/02/25 11:38:12 | 000,595,184 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dldtcoms.exe -- (dldt_device)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/19 11:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/12/03 08:35:04 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111230.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/03 08:35:04 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/03 08:35:04 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20111230.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/11/14 14:28:02 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/11/09 05:53:45 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/10/15 14:18:40 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/10/14 21:43:08 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20111228.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/21 19:39:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS -- (SymDS)
DRV - [2010/11/15 20:45:33 | 000,136,312 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS -- (SymIRON)
DRV - [2008/12/18 22:43:48 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/12/18 22:43:40 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFVsp.sys -- (GzOFVsp)
DRV - [2008/12/16 01:43:48 | 000,054,400 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFMdm.sys -- (GzOFMdm)
DRV - [2008/12/16 01:43:48 | 000,033,408 | ---- | M] (DEVGURU Co., LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GzOFBus.sys -- (GzOFBus)
DRV - [2007/05/01 07:26:26 | 000,131,368 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/05/01 07:26:26 | 000,102,696 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/03/05 03:07:46 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/12/20 14:31:34 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2006/12/07 23:25:00 | 004,456,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006/11/01 18:50:00 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/18 13:08:18 | 000,258,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/08/04 19:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 82 A4 95 0C C4 CC 01 [binary data]
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/10/19 04:54:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2011/12/30 08:41:57 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4 - HKLM..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: &ieSpell Options - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Check &Spelling - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files\ieSpell\wikipedia.HTM ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll (Red Egg Software)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2519207516-3531264281-3220632969-1000\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{936F5662-F742-42F8-9394-D480B27297A0}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Bruce\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 17:01:00 | 000,000,053 | -HS- | M] () - D:\AUTORUN.INF -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/30 15:41:14 | 000,000,000 | ---D | C] -- C:\Users\Bruce\AppData\Roaming\Malwarebytes
[2011/12/30 15:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/30 15:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/30 15:40:59 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/30 15:40:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/26 15:08:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/21 19:42:15 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2011/12/16 07:57:37 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/16 07:57:35 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/16 07:57:35 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/16 07:57:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/16 07:57:34 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/16 07:57:32 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/15 19:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/15 19:04:03 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/15 19:04:00 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/15 10:30:19 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 10:30:18 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 10:30:15 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 10:30:13 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 10:30:11 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/15 10:30:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/12 21:07:39 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder (3)
[2011/12/06 18:28:27 | 000,000,000 | ---D | C] -- C:\Users\Bruce\Desktop\New Folder
[2008/09/06 13:06:55 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
[2008/09/06 13:06:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
[2008/09/06 13:06:46 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
[2008/09/06 13:06:44 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
[2008/09/06 13:06:43 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
[2008/09/06 13:06:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
[2008/09/06 13:06:41 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
[2008/09/06 13:06:40 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
[2008/09/06 13:06:37 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldtih.exe
[2008/09/06 13:06:36 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
[2008/09/06 13:06:32 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldtcoms.exe
[2008/09/06 13:06:31 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
[2008/09/06 13:06:31 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
[2008/09/06 13:06:29 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldtcfg.exe
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/30 18:41:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 18:41:37 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/30 18:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/30 16:40:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/30 15:41:03 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 15:08:51 | 000,074,657 | ---- | M] () -- C:\Users\Bruce\Desktop\#3.htm
[2011/12/30 14:59:31 | 000,008,871 | ---- | M] () -- C:\Users\Bruce\Desktop\downloadget.htm
[2011/12/30 14:56:28 | 000,037,251 | ---- | M] () -- C:\Users\Bruce\Desktop\downloadav-ppc_1.htm
[2011/12/30 14:43:28 | 000,074,657 | ---- | M] () -- C:\Users\Bruce\Desktop\download malwareebytes'anti malware.htm
[2011/12/30 14:41:35 | 000,074,616 | ---- | M] () -- C:\Users\Bruce\Desktop\download.htm
[2011/12/30 14:00:10 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/30 08:48:03 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/30 08:48:03 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/30 08:41:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/29 21:25:33 | 000,002,714 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/12/27 20:40:22 | 000,139,264 | ---- | M] () -- C:\Users\Bruce\Desktop\SystemLook.exe
[2011/12/27 20:19:23 | 000,313,424 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/25 22:17:03 | 024,664,064 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mb
[2011/12/21 20:05:32 | 000,879,683 | ---- | M] () -- C:\Users\Bruce\Desktop\SecurityCheck.exe
[2011/12/21 19:42:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bruce\Desktop\OTL.exe
[2011/12/20 22:45:23 | 047,326,208 | R--- | M] () -- C:\Users\Public\Documents\ESBK.mbb
[2011/12/15 19:04:55 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/09 22:08:06 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Bruce.job
[2011/12/05 18:38:18 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/02 08:34:49 | 000,000,000 | ---- | M] () -- C:\Users\Bruce\Documents\ATT00682.jpg
[2011/12/01 15:10:45 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2011/12/01 15:10:45 | 000,001,854 | ---- | M] () -- C:\Users\Bruce\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/12/01 15:10:01 | 000,001,245 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/30 15:41:03 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 15:08:51 | 000,074,657 | ---- | C] () -- C:\Users\Bruce\Desktop\#3.htm
[2011/12/30 14:59:31 | 000,008,871 | ---- | C] () -- C:\Users\Bruce\Desktop\downloadget.htm
[2011/12/30 14:56:28 | 000,037,251 | ---- | C] () -- C:\Users\Bruce\Desktop\downloadav-ppc_1.htm
[2011/12/30 14:43:28 | 000,074,657 | ---- | C] () -- C:\Users\Bruce\Desktop\download malwareebytes'anti malware.htm
[2011/12/30 14:41:34 | 000,074,616 | ---- | C] () -- C:\Users\Bruce\Desktop\download.htm
[2011/12/27 20:40:22 | 000,139,264 | ---- | C] () -- C:\Users\Bruce\Desktop\SystemLook.exe
[2011/12/21 20:05:32 | 000,879,683 | ---- | C] () -- C:\Users\Bruce\Desktop\SecurityCheck.exe
[2011/12/15 19:04:54 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/02 08:34:48 | 000,000,000 | ---- | C] () -- C:\Users\Bruce\Documents\ATT00682.jpg
[2011/05/18 16:59:52 | 000,001,940 | ---- | C] () -- C:\Users\Bruce\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/09/16 18:25:32 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/16 18:25:32 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/11/17 17:34:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/06 13:08:36 | 000,017,648 | ---- | C] () -- C:\Windows\System32\dldtwupd.exe
[2008/09/06 13:08:32 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
[2008/09/06 13:07:02 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
[2008/09/06 13:06:45 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
[2008/09/06 13:06:39 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
[2008/09/06 13:06:39 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
[2008/09/06 13:06:38 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
[2008/09/06 13:06:38 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
[2008/09/06 13:06:35 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
[2008/09/06 13:06:33 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
[2008/09/06 13:06:33 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
[2008/09/06 13:06:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
[2008/02/21 19:41:24 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
[2008/02/19 21:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
[2008/01/22 01:05:12 | 000,077,906 | ---- | C] () -- C:\Windows\System32\dldtcfg.dll
[2007/12/12 20:32:40 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
[2007/11/13 18:13:10 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
[2007/10/13 08:29:19 | 000,033,792 | ---- | C] () -- C:\Users\Bruce\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/13 08:21:35 | 000,002,714 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/04/28 13:41:50 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
[2006/11/10 08:26:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,313,424 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll

========== LOP Check ==========

[2008/03/30 13:01:26 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Leadertech
[2010/12/10 19:35:37 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\PCDr
[2009/01/29 18:44:10 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Skinux
[2010/08/15 07:12:49 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Tific
[2011/01/05 20:20:57 | 000,000,000 | ---D | M] -- C:\Users\Bruce\AppData\Roaming\Uniblue
[2011/12/05 18:38:18 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/29 21:25:32 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/30 14:00:10 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job
[2010/09/03 20:24:56 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{40FFB3E6-5C62-43BA-803E-82D3168ED07A}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 804 bytes -> C:\Users\Bruce\Documents\Fwd_ [Fwd_ FW_ S.Y.B.S.T.D.].eml:OECustomProperty

< End of report >

OTL Extras logfile created on: 12/30/2011 7:51:48 PM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bruce\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 0.93 Gb Available Physical Memory | 48.11% Memory free
4.11 Gb Paging File | 2.76 Gb Available in Paging File | 67.10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.79 Gb Total Space | 109.66 Gb Free Space | 49.22% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.69 Gb Free Space | 56.86% Space Free | Partition Type: NTFS

Computer Name: BRUCE-PC | User Name: Bruce | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C71FE6-FD48-485C-AF13-3808DC87F217}" = rport=138 | protocol=17 | dir=out | app=system |
"{0614EFC1-D649-4348-9388-4DDE71007316}" = rport=139 | protocol=6 | dir=out | app=system |
"{143FB136-D8E0-4AA0-B5A9-8C8D8064AABD}" = lport=137 | protocol=17 | dir=in | app=system |
"{41937103-B807-4395-82F0-5DF463440BDE}" = rport=137 | protocol=17 | dir=out | app=system |
"{4B351C59-02A7-4868-81B3-0AEB069AB52A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{63D50AA6-4DCA-4A6B-B677-8088ED6F04BF}" = lport=445 | protocol=6 | dir=in | app=system |
"{6AE72094-FDDC-4ACD-BE11-0B837B2B8841}" = lport=138 | protocol=17 | dir=in | app=system |
"{7CC836D6-6F69-43B3-B802-11CFD279CB06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{87829809-6925-44EC-B0F4-9FD38BD5424C}" = rport=445 | protocol=6 | dir=out | app=system |
"{AAAA0641-7FD8-4D52-83A0-F02BE7821F5C}" = lport=139 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{011558CB-9AD7-43BA-9799-60F9CC69854D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{078680B7-2530-4CDC-A0F3-6259239A5BE1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{0C01E7FA-7331-4A63-81A7-22B4F6980655}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe |
"{1890D10E-D950-4AB2-8144-2ABBBB54D52A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{34980A69-2428-46A5-AAB5-3EA8BA49BF92}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3A4F0DC8-415B-48D7-BAD8-612A8EFD67BA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{3C2F3189-ACE2-4514-AC48-BA372DCA9BBD}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
"{548FE892-E2C1-4734-9622-CDC154D8950A}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe |
"{56D766BF-352A-4538-A6ED-210C372318B2}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{5AF716DF-7D29-476C-9B19-47C1AC2E9A23}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{680F9F34-4315-4B4B-9BC5-DD706129F1ED}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtamon.exe |
"{6E3C1CE7-99DA-4F6C-A4D1-81B6581ADABD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{84C0CD36-566D-4FBA-8BC7-8CFD02AD49A1}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldttime.exe |
"{936A5380-2522-4AB3-AF91-F5B127DC6F4F}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{A2BA0F5E-0619-47FF-874A-AD28EE49D254}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{A764267E-DFFB-4736-A41F-2A30D2444975}" = protocol=17 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{A8A24D1E-68FC-4065-8C3E-A22C7F14B4A9}" = protocol=6 | dir=in | app=c:\program files\dell v305\frun.exe |
"{B9AEF5AB-16EA-447E-BC82-78B3832C8520}" = protocol=6 | dir=in | app=c:\windows\system32\dldtcoms.exe |
"{BAAE4544-A02D-42C3-8D4E-05CF6655B595}" = protocol=17 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"{C3C84773-D758-480E-A42B-40A86D8CD75A}" = protocol=6 | dir=in | app=c:\program files\dell v305\dldtmon.exe |
"{C4B812CF-49A9-4FC5-A0D8-7D71AD891495}" = protocol=17 | dir=in | app=c:\program files\dell v305\frun.exe |
"{D295D8C1-4942-4798-9DEC-3BC89FD808D2}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D58EA2EE-3ABF-4C74-9B1E-63F73876DEF3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EFFEC8CA-527A-4187-A197-0EA5FA88C14D}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\dldtpswx.exe |
"{F061D39C-4EA5-4406-A2CB-F89E392DC400}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F4ACB043-CE5C-4E51-8754-58F695A6084D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{23170F69-40C1-2701-0920-000001000000}" = 7-Zip 9.20
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5E68BB65-4059-4FE5-AAC4-0CD1D79BBDE2}" = EarthLink Setup Files
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{820B6609-4C97-3A2B-B644-573B06A0F0CC}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9060B698-2B29-4A1F-B876-BEAC4C0A25D5}" = KhalSetup
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93762E6-8EA6-4E7F-9557-64E51AA3AB84}" = CASIO USB Driver V1.0.8003.1229
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDB5E0F3-86EA-4379-8A2F-1BC2436543E9}" = iCloud
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
"Boxster Models" = Boxster Models 1.0
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 PCI V.92 Modem
"Dell Support Center" = Dell Support Center
"Dell V305" = Dell V305
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ieSpell" = ieSpell
"InstallShield_{71883667-71F2-48A1-AB72-28D518D8AC4A}" = Seagate Manager Installer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"N360" = Norton Security Suite
"NVIDIA Drivers" = NVIDIA Drivers

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2011 3:26:06 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1008
Description =

Error - 12/29/2011 9:16:21 AM | Computer Name = Bruce-PC | Source = Application Error | ID = 1000
Description = Faulting application AppleSyncNotifier.exe, version 1.6.77.0, time
stamp 0x4e8d6886, faulting module unknown, version 0.0.0.0, time stamp 0x00000000,
exception code 0xc0000005, fault offset 0x6f5953a0, process id 0xf40, application
start time 0x01ccc62c0bee1897.

Error - 12/29/2011 3:00:05 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1010
Description =

Error - 12/29/2011 3:00:06 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1008
Description =

Error - 12/30/2011 3:00:05 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1010
Description =

Error - 12/30/2011 3:00:07 PM | Computer Name = Bruce-PC | Source = Perflib | ID = 1008
Description =

Error - 12/30/2011 8:33:30 PM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 169.254.163.251:5353 4 Bruce-PC.local.
Addr 169.254.163.251

Error - 12/30/2011 8:33:30 PM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Resetting to Probing: 4 Bruce-PC.local.
Addr 192.168.1.2

Error - 12/30/2011 8:33:30 PM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 169.254.163.251:5353 4 Bruce-PC.local.
Addr 169.254.163.251

Error - 12/30/2011 8:33:30 PM | Computer Name = Bruce-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Resetting to Probing: 16 Bruce-PC.local.
AAAA FE80:0000:0000:0000:8414:AF42:0FF4:0B33

[ Dell Events ]
Error - 12/11/2010 8:29:21 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 8:29:21 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 8:37:42 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 12/11/2010 8:37:42 AM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/9/2011 9:44:01 PM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 1/9/2011 9:44:01 PM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

Error - 7/14/2011 9:18:25 PM | Computer Name = Bruce-PC | Source = DataSafe | ID = 17
Description = The process was interrupted before completion.

[ Media Center Events ]
Error - 12/16/2007 6:54:04 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 12/16/2007 8:41:56 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/24/2008 6:49:07 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/29/2008 7:09:17 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/1/2008 6:51:43 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/4/2008 6:34:19 AM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 2:18:22 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 9:16:15 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/22/2008 5:49:06 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 1/17/2009 6:35:28 PM | Computer Name = Bruce-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 12/29/2011 9:14:08 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/29/2011 9:14:48 AM | Computer Name = Bruce-PC | Source = DCOM | ID = 10010
Description =

Error - 12/29/2011 9:16:40 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/29/2011 9:17:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 12/29/2011 9:17:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/29/2011 9:17:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/30/2011 9:43:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/30/2011 9:43:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/30/2011 9:43:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/30/2011 9:43:11 AM | Computer Name = Bruce-PC | Source = Service Control Manager | ID = 7011
Description =


< End of report >

Bruce C
2011-12-31, 03:26
SystemLook 30.07.11 by jpshortstuff
Log created at 20:19 on 30/12/2011 by Bruce
Administrator - Elevation successful

========== filefind ==========

Searching for "12*2011_*.log"
C:\_OTL\MovedFiles\12262011_150845.log --a---- 87008 bytes [20:18 26/12/2011] [20:24 26/12/2011] A099FF46D1C2A4F42CC9AB9E5908681A
C:\_OTL\MovedFiles\12272011_185541.log --a---- 25374 bytes [23:58 27/12/2011] [01:21 28/12/2011] 4AEBB579D988F7CC61C2B89521D0D627

-= EOF =

Bruce C
2011-12-31, 03:34
No problems ,I don't think,
steps 2,3,4,5 ok
The computer runs well ,.But during this my home page switched from Comcast to MSN on its own.Thank you for all of your patience and Help , Bruce

Scolabar
2011-12-31, 19:03
Hi Bruce C,

Thank you for the logs and update. :)
Thank you also for letting me know about your experience downloading MalwareBytes' AntiMalware. I will look into that. ;)


The computer runs well ,.But during this my home page switched from Comcast to MSN on its own.You can reset your default home page by following the instructions provided Here (http://windows.microsoft.com/en-GB/windows7/Change-your-Internet-Explorer-9-home-page).

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Create System Restore Point

We will be making changes to the Registry again. Please create another System Restore Point following the instructions as provided previously before continuing any further.

Step 2:
Java Runtime Environment Update Needed!

Your existing installation of the Java Runtime Environment is out of date.
Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please download the latest installer from HERE (http://www.oracle.com/technetwork/java/javase/downloads/index.html)
Locate the Java SE 7u2 section.
Click on the Download JRE button to the right.
Select the Accept License Agreement option to accept the Oracle Binary Code License Agreement for Java SE in order to download the software.
Locate the entry for Windows x86 Offline, click on the file named jre-7u2-windows-i586.exe and Save it to your Desktop.
Close all active windows.
Select Start > Control Panel > Programs > Programs and Features.
Uninstall the following old version of the Java Runtime Environment:
Java(TM) SE Runtime Environment 6
When the removal has been completed close the Programs and Features window along with any others remaining open.
Right-click on jre-7u2-windows-i586.exe and select the Run As Administrator option to run the installer. If you receive a UAC prompt, please allow it.
Then follow the on-screen instructions to complete the installation.
IMPORTANT NOTE: If offered at any stage during the installation, make sure the option to install the Ask Toolbar is UNCHECKED.
Step 3:
OTL - Script

Next we need to run another OTL script.

**IMPORTANT** Please temporarily disable your Norton 360 Realtime Protection again. If active, it could impact fix.

Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Copy and Paste the following code into the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png textbox. Do not include the word Code.

:otl
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {9D717F81-9148-4f12-8568-69135F087DB0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: LBTWIZ.EXE -silent File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

:files
C:\Users\Bruce\AppData\Roaming\Uniblue
ipconfig /flushdns /c

:commands
[emptytemp]
Then click the Run Fix button at the top.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/btnOK.png.
OTL should ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.
Please Copy and Paste the contents of that report into your next reply.
Step 4:
ESET Online Scanner


Please Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted. Then right-click on it and select the Run As Administrator option to run the installer.
Please temporarily disable your Anti-virus real-time protection. If active, it could impact the online scan. Refer to This Howto Topic (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html), if necessary.
Right-click on your Internet Explorer or Firefox desktop icon and select the Run As Administrator option to launch the program.
Then please go to ESET Online Scanner (http://www.eset.com/us/online-scanner/run) - © ESET (All Rights Reserved) to run an online scan.
** Make sure you are using an account that has Administrative privileges **
Click on the ESET Online Scanner button.
Check the box next to "YES, I accept the Terms of Use."
Click Start.
A window will open. It may appear nothing is happening, but please be patient.
Click Yes to the run ActiveX prompt.
Click Install at the install ActiveX prompt.
Once installed, the scanner will be initialized.
Click on the Start button.
Make sure that the options:
Remove found threats is [b]UNCHECKED
Leave the "default" settings under Advanced as they are. If not set, please check:
Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Click on the Start button.
ESET scanner will begin to download the virus signatures database. When the signatures have been downloaded, the scan will start automatically.
Wait for the scan to finish. It may take a while but, again, please be patient. When the scan is finished:
Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt.
Copy and Paste the entire contents of log.txt into your next reply.
Remember to re-enable your Anti-virus protection before continuing!

Step 5:
SystemLook

Right-click on SystemLook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Copy and Paste the text in the code box below into SystemLook's main text entry window:

:contents
C:\_OTL\MovedFiles\12272011_185541.log
Click on the Look button to start the scan.
Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
A log file will be created on your Desktop named SystemLook.txt.
Please post the contents of the SystemLook.txt file in your next reply.
Step 6:
Include in Next Post

Did you have any problems carrying out the instructions?
OTL Script log results.
ESET log results.
SystemLook.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Bruce C
2012-01-02, 04:26
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
File c:\Program Files\Java\jre1.6.0\bin\ssv.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bluetooth Connection Assistant deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
File c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll not found.
C:\ProgramData\SPLA24A.tmp deleted successfully.
C:\ProgramData\SPLBC05.tmp deleted successfully.
C:\ProgramData\SPLBD01.tmp deleted successfully.
========== FILES ==========
C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Uniblue folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bruce\Desktop\cmd.bat deleted successfully.
C:\Users\Bruce\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bruce
->Temp folder emptied: 582909 bytes
->Temporary Internet Files folder emptied: 255799268 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1658 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 450 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 180173 bytes

Total Files Cleaned = 245.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01012012_211833

Files\Folders moved on Reboot...
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA484.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA48E.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA4E2.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA4ED.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA523.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA52D.tmp not found!
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJI2829Q\showthread[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

Bruce C
2012-01-02, 04:30
Correction: last post was labeled Step 6- It was actually step 3 OTL Script


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
File c:\Program Files\Java\jre1.6.0\bin\ssv.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bluetooth Connection Assistant deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
File c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll not found.
C:\ProgramData\SPLA24A.tmp deleted successfully.
C:\ProgramData\SPLBC05.tmp deleted successfully.
C:\ProgramData\SPLBD01.tmp deleted successfully.
========== FILES ==========
C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster\_temp folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster\history folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster\backup folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Uniblue\RegistryBooster folder moved successfully.
C:\Users\Bruce\AppData\Roaming\Uniblue folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bruce\Desktop\cmd.bat deleted successfully.
C:\Users\Bruce\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bruce
->Temp folder emptied: 582909 bytes
->Temporary Internet Files folder emptied: 255799268 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1658 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 450 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 180173 bytes

Total Files Cleaned = 245.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01012012_211833

Files\Folders moved on Reboot...
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA484.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA48E.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA4E2.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA4ED.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA523.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DFA52D.tmp not found!
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LJI2829Q\showthread[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

Scolabar
2012-01-02, 10:56
Hi Bruce C,

Please can you also post the ESET and SystemLook logs as requested in my last post. ;)


ESET log results.
SystemLook.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Bruce C
2012-01-02, 17:36
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application


C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application

C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application

C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\DnsBHO.dll a variant of Win32/Toolbar.SearchSuite application
C:\_OTL\MovedFiles\12262011_150845\C_Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll a variant of Win32/Toolbar.SearchSuite application

Scolabar
2012-01-03, 02:20
Hi Bruce C,

Thank you again for the logs. :)

Those files detected by the ESET scan will be dealt with in the final cleanup process. ;)
We're almost there. Please bear with me. :bigthumb:

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
SystemLook

Right-click on SystemLook.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Copy and Paste the text in the code box below into SystemLook's main text entry window:

:filefind
*MS AntiSpyware 2009*

:folderfind
*MS AntiSpyware 2009*

:regfind
MS AntiSpyware 2009

:contents
C:\_OTL\MovedFiles\12272011_185541.log
Click on the Look button to start the scan.
Note: Because of the Registry searches involved this scan may take 15 minutes or longer to run on a large system. Please be patient and wait for the scan to complete.
When SystemLook has completed its task a Notepad window will automatically open showing the results of the scan.
A log file will be created on your Desktop named SystemLook.txt.
Please post the contents of the SystemLook.txt file in your next reply.
Step 2:
Include in Next Post

Did you have any problems carrying out the instructions?
SystemLook.txt.
How is the computer now running?

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Scolabar
2012-01-05, 10:20
Hi Bruce C,

It has been over 48 hours since my last post.

Do you still need help?
Do you need more time?
Are you having problems following my instructions?
In line with Safer-Networking's policy, topics will be closed after 3 days without a response.
If you do not reply within the next 24 hours, this topic will be closed.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Bruce C
2012-01-06, 13:51
I apologise for the delay since my last post . I try to complete each step when my wife is home as I often need her help ,but she works long days so its not always easy to get her assistance since she has so many other things to do when she is home. I'll give it a shot right now , as it still seems a little slow other than that it sometimes displays "cannot display page"
Thanks , Bruce

Bruce C
2012-01-06, 14:32
Hi Scolobar
No problem with instructions , however I did'nt see a SystemLook .txt on my Desktop so I copy and pasted the results here.Thanks Bruce
Log created at 07:14 on 06/01/2012 by Bruce
Administrator - Elevation successful

========== filefind ==========

Searching for "*MS AntiSpyware 2009*"
No files found.

========== folderfind ==========

Searching for "*MS AntiSpyware 2009*"
No folders found.

========== regfind ==========

Searching for "MS AntiSpyware 2009"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7]
[HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7]

========== contents ==========

C:\_OTL\MovedFiles\12272011_185541.log - Opened succesfully.

ÿþAll processes killed
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iLivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Searchqu Toolbar\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Windows Searchqu Toolbar\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\ilivid.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ilivid\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2B1E51D87B2D71A44BB42DDD5E894160\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\ilivid\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\817FDB46B46DE8B4AAD499F1DAFF341D\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5A9327D31011C244A196F700637C701\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C6B84CEB2810F104BA0E5FC5C8EACD7E\\2B1E51D87B2D71A44BB42DDD5E894160 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2B1E51D87B2D71A44BB42DDD5E894160\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\"{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}"|"- /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid\ not found.
Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\ilivid.exe not found.
Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\92EVUHGP\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Bruce\AppData\Local\Temp\mia6549.tmp\iLividSetupV1.exe not found.
Registry value HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files\iLivid\ilivid.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BrowserConnection.Loader.1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E6A6D16-F99D-4C47-BB7E-BAD5708FCC25}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E6A6D16-F99D-4C47-BB7E-BAD5708FCC25}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33A24A0A-DABD-49BD-8E2D-5C47809F5D7B}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BFCDC973-B85D-4568-B17B-0A367E15011A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFCDC973-B85D-4568-B17B-0A367E15011A}\ not found.
========== FILES ==========
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk moved successfully.
C:\ProgramData\{B49A644A-1076-4A3D-B124-DAA7862F2318} folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid\iLivid Download Manager.lnk not found.
File\Folder C:\Users\All Users\{B49A644A-1076-4A3D-B124-DAA7862F2318} not found.
C:\Users\Public\Desktop\iLivid Download Manager.lnk moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLivid folder moved successfully.
File\Folder C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\iLivid not found.
File\Folder C:\Program Files\iLivid not found.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bruce\Desktop\cmd.bat deleted successfully.
C:\Users\Bruce\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bruce
->Temp folder emptied: 320628 bytes
->Temporary Internet Files folder emptied: 63747516 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1867 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 90 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 27648 bytes

Total Files Cleaned = 61.00 mb

Error: Unable to interpret <[resethosts]Then click the Run Fix button at the > in the current context!

OTL by OldTimer - Version 3.2.31.0 log created on 12272011_185541

Files\Folders moved on Reboot...
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF937D.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF9389.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF93DB.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF93E7.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF9421.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF942D.tmp not found!
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\0f0ca97dac[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\blank[1].gif moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\blank[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\ProductDisplay[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\DMFZI5XP\showthread[2].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJUL4508\mybostonharley_com[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJUL4508\questionshome[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CJUL4508\reviews[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3B7SFPP4\proxy[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Scolabar
2012-01-07, 11:48
Hi Bruce C,

Thank you again for the logs and feedback. :)

Please can I remind you to post an update to keep this topic "live" as I had requested the topic to be closed. ;)


... it still seems a little slow other than that it sometimes displays "cannot display page"I am going to ask you to run some additional checks. ;)

Again, please remember to read the instructions below carefully before executing and perform the steps, in the order given.
If you have any questions about or problems executing these instructions, <STOP> do not proceed, post back with the question or problem before going any further.

Before we proceed please make sure any open programs are closed.

Step 1:
Create System Restore Point

Please create another System Restore Point following the instructions previously posted before continuing any further.

Step 2:
Backup MBR

As a precaution I am going to ask you to back up your PC's Master Boot Record:

Please download MBRBackup (http://www.misec.net/products/MBRBackup.exe) © Mischel Internet Security Ltd and save it to your Desktop.
Double-click MBRBackup.exe to launch the program.
Click SaveMBR (top left corner) and save the backup file to your Desktop.
It will have a name similar to MBR_2010-10-06.bin where the numbers correspond to the date the backup was made.
Exit the program.
I strongly advise that you keep a copy of this backup stored on an external device - on an external hard drive, CD/DVD or USB flash drive - for peace of mind.
Step 3:
OTL - Script

Next we need to run another OTL script.

**IMPORTANT** Please temporarily disable your Norton 360 Realtime Protection again. If active, it could impact fix.

Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Copy and Paste the following code into the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png textbox. Do not include the word Code.

:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7]
[-HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7]

:commands
[emptytemp]
Then click the Run Fix button at the top.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/btnOK.png.
OTL should ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot.
Please Copy and Paste the contents of that report into your next reply.
Step 4:
Rootkit UnHooker (RkU)

Please download Rootkit UnHooker (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE). Save it to your Desktop.
Please Note: The resulting log file can be very long. You may need to post it separately.

Right-click on RKUnhookerLE.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
Click the Report tab, then click Scan.
Check the Drivers, Stealth Code, Files and Code Hooks options.
Uncheck the rest of the options. Then click on the OK button. (See the image below for reference.)
http://i526.photobucket.com/albums/cc345/MPKwings/RKUcheck-1.gif
The scanning will toggle through the Checked items "tabs". This can take a while, so please be patient.
When the scanner is finished, select File > Save Report.
Save the file Report.txt to your Desktop.
Click on the Close button and then click the Yes button to confirm.
Copy and Paste the entire contents of the Report.txt file into you're next reply.
Step 5:
MBRCheck - Scan

Please download MBRCheck.exe (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe) © a_d_13 to your Desktop.
Alternate links: Link 2 (http://ad13.geekstogo.com/MBRCheck.exe) or Link 3 (http://www.kernelmode.info/MBRCheck.exe)
Right-click on MBRCheck.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
A small black window will open with some information. Please do not fix anything (- if it gives you an option).
If an unknown boot code is detected additional options will be presented. At this time press N then press Enter twice to continue.
When the scan has completed you should see the message Done! Press ENTER to exit... Press Enter to exit the program.
A file named MBRCheck_mm.dd.yy_hh.mm.ss.txt will appear on your Desktop.
Please Copy and Paste the entire contents of the MBRCheck_mm.dd.yy_hh.mm.ss.txt file into your next reply.
Step 6:
Include in Next Post

Did you have any problems carrying out the instructions?
OTL.txt.
Report.txt.
MBRCheck_mm.dd.yy_hh.mm.ss.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Bruce C
2012-01-09, 05:18
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2519207516-3531264281-3220632969-1000\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MS AntiSpyware 2009 5.7\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bruce
->Temp folder emptied: 523043 bytes
->Temporary Internet Files folder emptied: 202610430 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3006 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7290 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 194.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01082012_220908

Files\Folders moved on Reboot...
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2AF2.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2AFE.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2B56.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2B6F.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2BA7.tmp not found!
File\Folder C:\Users\Bruce\AppData\Local\Temp\~DF2BBD.tmp not found!
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TG91WWCK\showthread[1].htm moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\Bruce\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

Registry entries deleted on Reboot...

Bruce C
2012-01-09, 06:02
I completed step 4 but was unable to copy and paste it and in the prosses I lost it . Thats as far as I can go tonight as I have to bring my wife to the Hospital early tommorow . Tha computer runs much better and if you want to call it quits now thats OK by me. Thank you very much for all of your help , Bruce:)

Scolabar
2012-01-09, 16:13
Hi Bruce C,

Thanks for the feedback and OTL log. :)
Having got this far and if you are happy to continue, it would be good if you could post the logs from the last two steps of my last set of instructions to confirm that the MBR and rootkit scans come back clean, for peace of mind. ;)

Just try running steps 4 and 5 again and make sure you Save the Report.txt file to your Desktop in step 4 this time.

Step 6:
Include in Next Post

Did you have any problems carrying out the instructions?
Report.txt.
MBRCheck_mm.dd.yy_hh.mm.ss.txt.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Bruce C
2012-01-11, 17:00
Ok I'll give it a shot. Thanks ., Bruce

Bruce C
2012-01-11, 19:42
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8D40C000 C:\Windows\system32\DRIVERS\nvlddmkm.sys 4456448 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 97.46 )
0x8244C000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x8244C000 PnpManager 3907584 bytes
0x8244C000 RAW 3907584 bytes
0x8244C000 WMIxWDM 3907584 bytes
0x9B680000 Win32k 2113536 bytes
0x9B680000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xA5A0A000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120108.006\NAVEX15.SYS 1572864 bytes (Symantec Corporation, AV Engine)
0x88209000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x83001000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8C600000 C:\Windows\system32\DRIVERS\HSX_DPV.sys 1060864 bytes (Conexant Systems, Inc., HSF_DP driver)
0x83204000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x80463000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xA0ADC000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x9280C000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys 835584 bytes (Symantec Corporation, BASH Driver)
0x82A6A000 C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS 765952 bytes (Symantec Corporation, Symantec Extended File Attributes)
0x8C703000 C:\Windows\system32\DRIVERS\HSX_CNXT.sys 737280 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x9FC06000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x91C07000 C:\Windows\system32\drivers\stwrt.sys 667648 bytes (SigmaTel, Inc., NDRC)
0x8D84C000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x83309000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0xA5604000 C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS 548864 bytes (Symantec Corporation, Symantec AutoProtect)
0x9295B000 C:\Windows\System32\Drivers\bthport.sys 524288 bytes (Microsoft Corporation, Bluetooth Bus Driver)
0x80543000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x82B2E000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x9FCD9000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x92393000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0x92335000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120106.002\IDSvix86.sys 385024 bytes (Symantec Corporation, IDS Core Driver)
0x91D98000 C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS 364544 bytes (Symantec Corporation, Network Dispatch Driver)
0x82A03000 C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS 356352 bytes (Symantec Corporation, Symantec Data Store)
0xA0A87000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x8D97D000 C:\Windows\system32\DRIVERS\HSXHWBS2.sys 303104 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0x806A8000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x92203000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x8060C000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80422000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x80749000 C:\Windows\system32\drivers\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x8D902000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x922EF000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x83137000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0xA0A0E000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88319000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x831A4000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x82419000 ACPI_HAL 208896 bytes
0x82419000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x8078A000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x9224B000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8C7C4000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x91CAA000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8310C000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8D9C7000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x807BC000 C:\Windows\system32\DRIVERS\rfcomm.sys 167936 bytes (Microsoft Corporation, Bluetooth RFCOMM Driver)
0xA0BBA000 C:\Windows\System32\Drivers\fastfat.SYS 163840 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xA0A5F000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88369000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x80663000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x82B9F000 C:\Windows\system32\Drivers\SYMEVENT.SYS 155648 bytes (Symantec Corporation, Symantec Event Library)
0x91CD7000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x922B4000 C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS 147456 bytes (Symantec Corporation, Iron Driver)
0x833AD000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8071B000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x9FD91000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x91D2F000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x9FDB2000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x82BC5000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 122880 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0x9FD46000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x832EE000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x807E5000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x929E5000 C:\Windows\system32\DRIVERS\bthpan.sys 106496 bytes (Microsoft Corporation, Bluetooth Personal Area Networking)
0x9FD63000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x80702000 C:\Windows\system32\drivers\nvraid.sys 102400 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) RAID Driver)
0x8D94F000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xA0A47000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x82BE3000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x83396000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x928D8000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xA5B9E000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x9227D000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x91D82000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x9FD7C000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x83172000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x928FC000 C:\Windows\system32\DRIVERS\USBSTOR.SYS 86016 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0x9FDD1000 C:\Windows\system32\DRIVERS\WUDFRd.sys 86016 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Reflector)
0xA5B8A000 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120108.006\NAVENG.SYS 81920 bytes (Symantec Corporation, AV Engine)
0x833DF000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x831EA000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x9FCC6000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x922A1000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x9FDE6000 C:\Windows\system32\DRIVERS\WUDFPf.sys 73728 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x88390000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x831D9000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x80409000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x883E2000 C:\Windows\system32\DRIVERS\amdk8.sys 65536 bytes (Microsoft Corporation, Processor Device Driver)
0x8D96D000 C:\Windows\system32\DRIVERS\bcm4sbxp.sys 65536 bytes (Broadcom Corporation, Broadcom Corporation NDIS 5.1 ethernet driver)
0x82A5A000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x9291A000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x9FCB6000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x806F2000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x83187000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x883B4000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x8835A000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x8068A000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x833D0000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8D940000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x80699000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x9B8C0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x92293000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x91D6B000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x9294E000 C:\Windows\System32\Drivers\BTHUSB.sys 53248 bytes (Microsoft Corporation, Bluetooth Miniport Driver)
0x9292A000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x92941000 C:\Windows\System32\Drivers\dump_nvstor.sys 53248 bytes
0x8C7B7000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8073C000 C:\Windows\system32\drivers\nvstor.sys 53248 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
0x83197000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x928EF000 C:\Windows\system32\DRIVERS\usbscan.sys 53248 bytes (Microsoft Corporation, USB Scanner Driver)
0x805BF000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0x92800000 C:\Windows\system32\DRIVERS\hidbth.sys 49152 bytes (Microsoft Corporation, Bluetooth Miniport Driver for HID Devices)
0xA0BEC000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x91D23000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8D8EC000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8D400000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x883F2000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x91D60000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D9F1000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x922D8000 C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS 45056 bytes (Symantec Corporation, Symantec AutoProtect)
0x8C7F3000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x883CE000 C:\Windows\system32\DRIVERS\tunnel.sys 45056 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x929DB000 C:\Windows\system32\DRIVERS\BthEnum.sys 40960 bytes (Microsoft Corporation, Bluetooth Bus Extender)
0x92937000 C:\Windows\System32\Drivers\dump_diskdump.sys 40960 bytes
0x883AA000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x833F3000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x9232B000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xA0BE2000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8D8F8000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x922E3000 C:\Windows\system32\DRIVERS\usbprint.sys 40960 bytes (Microsoft Corporation, USB Printer driver)
0xA5BB4000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x883A1000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x91CFC000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x92911000 C:\Windows\system32\DRIVERS\hidusb.sys 36864 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x91DF1000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x82B25000 C:\Windows\System32\Drivers\PxHelp20.sys 36864 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0x91D79000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x9B8A0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x883D9000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x80652000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x8041A000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x923F1000 C:\Windows\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0x88200000 C:\Windows\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0x91D13000 C:\Windows\system32\DRIVERS\mouhid.sys 32768 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0x8065B000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x91D50000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x91D58000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x88352000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0xA0BF8000 C:\Windows\system32\DRIVERS\xaudio.sys 32768 bytes (Conexant Systems, Inc., Modem Audio Device Driver)
0x91D0C000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x91D1C000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x80402000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0x91D05000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8D967000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xA0AD8000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xA0AD6000 C:\Windows\system32\DRIVERS\dsunidrv.sys 8192 bytes (Gteko Ltd., GUniDriver)
0x8C7FE000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x922ED000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x824F47AA-->824F47B1 [ntkrnlpa.exe]
[4736]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x763C847D-->69D56323 [ieframe.dll]
[4736]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x763B2EF5-->69D562BE [ieframe.dll]
[4736]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x763C8152-->69D56259 [ieframe.dll]
[4736]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x763B10B0-->69B6170B [ieframe.dll]
[4736]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x7638CD8B-->69C09A14 [ieframe.dll]
[4736]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x763DD639-->69D56103 [ieframe.dll]
[4736]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x763DD65D-->69D5609F [ieframe.dll]
[4736]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x763DD4D9-->69D561E0 [ieframe.dll]
[4736]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x763DD5D3-->69D56167 [ieframe.dll]
[744]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->677C47BB [IEShims.dll]
[744]iexplore.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x73C01288-->677C47BB [IEShims.dll]
[744]iexplore.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->677DBC51 [IEShims.dll]
[744]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->677C63E7 [IEShims.dll]
[744]iexplore.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->677DC811 [IEShims.dll]
[744]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->677C47BB [IEShims.dll]
[744]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77B6111C-->677C6D22 [IEShims.dll]
[744]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77B61110-->677C5EC7 [IEShims.dll]
[744]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77B61174-->677C4E2B [IEShims.dll]
[744]iexplore.exe-->gdi32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77B611AC-->677D029E [IEShims.dll]
[744]iexplore.exe-->kernel32.dll+0x00001CB3, Type: Inline - RelativeJump 0x76B41CB3-->034700F7 [unknown_code_page]
[744]iexplore.exe-->kernel32.dll+0x00001DBE, Type: Inline - RelativeJump 0x76B41DBE-->03470319 [unknown_code_page]
[744]iexplore.exe-->kernel32.dll+0x00029DA6, Type: Inline - RelativeJump 0x76B69DA6-->034703CF [unknown_code_page]
[744]iexplore.exe-->kernel32.dll+0x0004AF70, Type: Inline - RelativeJump 0x76B8AF70-->03470263 [unknown_code_page]
[744]iexplore.exe-->kernel32.dll+0x00095D4F, Type: Inline - RelativeJump 0x76BD5D4F-->034701AD [unknown_code_page]
[744]iexplore.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x76B8CB2E-->69BC7303 [ieframe.dll]
[744]iexplore.exe-->kernel32.dll-->HeapCreate, Type: Inline - RelativeJump 0x76B69DAB-->76B69DA6 [kernel32.dll]
[744]iexplore.exe-->kernel32.dll-->SetProcessDEPPolicy, Type: Inline - RelativeJump 0x76BD5D54-->76BD5D4F [kernel32.dll]
[744]iexplore.exe-->kernel32.dll-->VirtualAlloc, Type: Inline - RelativeJump 0x76B8AF75-->76B8AF70 [kernel32.dll]
[744]iexplore.exe-->kernel32.dll-->VirtualProtect, Type: Inline - RelativeJump 0x76B41DC3-->76B41DBE [kernel32.dll]
[744]iexplore.exe-->kernel32.dll-->WriteProcessMemory, Type: Inline - RelativeJump 0x76B41CB8-->76B41CB3 [kernel32.dll]
[744]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x6D64123C-->677C47BB [IEShims.dll]
[744]iexplore.exe-->ntdll.dll-->NtMapViewOfSection, Type: Inline - RelativeJump 0x777A4974-->0347003A [unknown_code_page]
[744]iexplore.exe-->shell32.dll+0x000889A8, Type: Inline - PushRet 0x76CA89A8-->C1677D01 [unknown_code_page]
[744]iexplore.exe-->shell32.dll+0x000889A9, Type: Code Mismatch 0x76CA89A9 + 559529 [01 7D 67]
[744]iexplore.exe-->shell32.dll+0x000889B0, Type: Inline - RelativeJump 0x76CA89B0-->76CA8A1F [shell32.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->677DBC51 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateDirectoryW, Type: IAT modification 0x768E13B0-->677C6291 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->677C63E7 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateHardLinkW, Type: IAT modification 0x768E11A4-->677DC49D [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x768E12E8-->677D7F4F [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->677DC811 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x768E132C-->677DF94D [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x768E1328-->677DFCF6 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x768E1114-->677E07CA [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->GetBinaryTypeW, Type: IAT modification 0x768E1280-->677D9F4B [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesA, Type: IAT modification 0x768E1370-->677D0ADF [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesExW, Type: IAT modification 0x768E14A4-->677D968F [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->GetFileAttributesW, Type: IAT modification 0x768E13BC-->677C5F62 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->GetLongPathNameW, Type: IAT modification 0x768E14EC-->677D997F [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileIntW, Type: IAT modification 0x768E1390-->677DA249 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionNamesW, Type: IAT modification 0x768E1164-->677DA89F [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileSectionW, Type: IAT modification 0x768E1100-->677DA56D [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x768E13A0-->677DABDB [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameA, Type: IAT modification 0x768E136C-->677D9AF3 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->GetShortPathNameW, Type: IAT modification 0x768E1428-->677D9C69 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x768E14E0-->677C6D22 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x768E1284-->677C5EC7 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x768E1448-->677C4E2B [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->677DE0C1 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->677DE089 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->RemoveDirectoryW, Type: IAT modification 0x768E13AC-->677DEE67 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->ReplaceFileW, Type: IAT modification 0x768E1140-->677DE457 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x768E1384-->677D029E [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x768E124C-->677DF500 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->677D939B [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileSectionW, Type: IAT modification 0x768E1168-->677DB245 [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x768E116C-->677DB56B [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->ntdll.dll-->NtQueryDirectoryFile, Type: IAT modification 0x768E2320-->677D8C1A [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->user32.dll-->LoadImageW, Type: IAT modification 0x768E1890-->677DCB0F [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->user32.dll-->PrivateExtractIconsW, Type: IAT modification 0x768E1A6C-->677DD11F [IEShims.dll]
[744]iexplore.exe-->shell32.dll-->user32.dll-->WinHelpW, Type: IAT modification 0x768E191C-->677DD6BF [IEShims.dll]
[744]iexplore.exe-->user32.dll-->advapi32.dll-->RegCloseKey, Type: IAT modification 0x77D5154C-->677C6692 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->677D19CA [IEShims.dll]
[744]iexplore.exe-->user32.dll-->advapi32.dll-->RegDeleteKeyW, Type: IAT modification 0x77D51544-->677E33C5 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->advapi32.dll-->RegEnumValueW, Type: IAT modification 0x77D51524-->677D0E28 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->677C60B5 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryInfoKeyW, Type: IAT modification 0x77D51520-->677D1555 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->advapi32.dll-->RegQueryValueExW, Type: IAT modification 0x77D5152C-->677C7278 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x76388E3B-->69C27BB7 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->CreateDialogIndirectParamA, Type: Inline - RelativeJump 0x763A26F1-->69D56660 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->CreateDialogIndirectParamW, Type: Inline - RelativeJump 0x763A9A62-->69D56698 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->CreateDialogParamA, Type: Inline - RelativeJump 0x763A17AA-->69D565F0 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->CreateDialogParamW, Type: Inline - RelativeJump 0x763872A2-->69D56628 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->CreateWindowExA, Type: Inline - RelativeJump 0x7638DC2A-->69BD3363 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x76391305-->69C2FF8F [ieframe.dll]
[744]iexplore.exe-->user32.dll-->DefWindowProcA, Type: Inline - RelativeJump 0x7638DB88-->69BC952D [ieframe.dll]
[744]iexplore.exe-->user32.dll-->DefWindowProcA, Type: Inline - SEH 0x7638DB8D [unknown_code_page]
[744]iexplore.exe-->user32.dll-->DefWindowProcA, Type: Inline - SEH 0x7638DB8E [unknown_code_page]
[744]iexplore.exe-->user32.dll-->DefWindowProcW, Type: Inline - RelativeJump 0x763A03B4-->69C27C1A [ieframe.dll]
[744]iexplore.exe-->user32.dll-->DefWindowProcW, Type: Inline - SEH 0x763A03B9 [unknown_code_page]
[744]iexplore.exe-->user32.dll-->DefWindowProcW, Type: Inline - SEH 0x763A03BA [unknown_code_page]
[744]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x763C847D-->69D56323 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x763B2EF5-->69D562BE [ieframe.dll]
[744]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x763C8152-->69D56259 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x763B10B0-->69B6170B [ieframe.dll]
[744]iexplore.exe-->user32.dll-->EnableWindow, Type: Inline - RelativeJump 0x7638CD8B-->69C09A14 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->EndDialog, Type: Inline - RelativeJump 0x763B326E-->69D5702E [ieframe.dll]
[744]iexplore.exe-->user32.dll-->GetAsyncKeyState, Type: Inline - RelativeJump 0x7638863C-->69BADD8D [ieframe.dll]
[744]iexplore.exe-->user32.dll-->GetKeyState, Type: Inline - RelativeJump 0x76398CB1-->69BADC67 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->IsDialogMessage, Type: Inline - RelativeJump 0x763A1847-->69D56D5A [ieframe.dll]
[744]iexplore.exe-->user32.dll-->IsDialogMessageW, Type: Inline - RelativeJump 0x763A0745-->69D56D82 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->677DBC51 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->677C63E7 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x77D511B4-->677D7F4F [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->677DC811 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->FindClose, Type: IAT modification 0x77D511E4-->677DF94D [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->FindFirstFileW, Type: IAT modification 0x77D511EC-->677DFCF6 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->FindNextFileW, Type: IAT modification 0x77D511E8-->677E07CA [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->GetPrivateProfileStringW, Type: IAT modification 0x77D51328-->677DABDB [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->677C47BB [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77D51250-->677C6D22 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77D5115C-->677C5EC7 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77D512FC-->677C4E2B [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->677DE089 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->SearchPathW, Type: IAT modification 0x77D51154-->677D029E [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->SetCurrentDirectoryW, Type: IAT modification 0x77D511D8-->677DF500 [IEShims.dll]
[744]iexplore.exe-->user32.dll-->kernel32.dll-->WritePrivateProfileStringW, Type: IAT modification 0x77D512BC-->677DB56B [IEShims.dll]
[744]iexplore.exe-->user32.dll-->keybd_event, Type: Inline - RelativeJump 0x763DD972-->69D575AE [ieframe.dll]
[744]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x763DD639-->69D56103 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x763DD65D-->69D5609F [ieframe.dll]
[744]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x763DD4D9-->69D561E0 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x763DD5D3-->69D56167 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->SendInput, Type: Inline - RelativeJump 0x763B2F75-->69D575F1 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->SetCursorPos, Type: Inline - RelativeJump 0x763C6FB2-->69D576CA [ieframe.dll]
[744]iexplore.exe-->user32.dll-->SetKeyboardState, Type: Inline - RelativeJump 0x763B0987-->69D57649 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x763887AD-->69C02194 [ieframe.dll]
[744]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x763898DB-->69C4EB74 [ieframe.dll]
[744]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x63001400-->677C47BB [IEShims.dll]
[744]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->677C47BB [IEShims.dll]

Bruce C
2012-01-11, 19:56
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Dell Inc
BIOS Manufacturer: Dell Inc
System Manufacturer: Dell Inc
System Product Name: Dimension E521
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 159):
0x8240B000 \SystemRoot\system32\ntkrnlpa.exe
0x827C5000 \SystemRoot\system32\hal.dll
0x80407000 \SystemRoot\system32\kdcom.dll
0x8040E000 \SystemRoot\system32\PSHED.dll
0x8041F000 \SystemRoot\system32\BOOTVID.dll
0x80427000 \SystemRoot\system32\CLFS.SYS
0x80468000 \SystemRoot\system32\CI.dll
0x80548000 \SystemRoot\system32\drivers\Wdf01000.sys
0x805C4000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80607000 \SystemRoot\system32\drivers\acpi.sys
0x8064D000 \SystemRoot\system32\drivers\WMILIB.SYS
0x80656000 \SystemRoot\system32\drivers\msisadrv.sys
0x8065E000 \SystemRoot\system32\drivers\pci.sys
0x80685000 \SystemRoot\System32\drivers\partmgr.sys
0x80694000 \SystemRoot\system32\drivers\volmgr.sys
0x806A3000 \SystemRoot\System32\drivers\volmgrx.sys
0x806ED000 \SystemRoot\System32\drivers\mountmgr.sys
0x806FD000 \SystemRoot\system32\drivers\nvraid.sys
0x80716000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x80737000 \SystemRoot\system32\drivers\nvstor.sys
0x80744000 \SystemRoot\system32\drivers\storport.sys
0x80785000 \SystemRoot\system32\drivers\fltmgr.sys
0x82A0E000 \SystemRoot\system32\drivers\N360\0501000.01D\SYMDS.SYS
0x82A65000 \SystemRoot\system32\drivers\fileinfo.sys
0x82A75000 \SystemRoot\system32\drivers\N360\0501000.01D\SYMEFA.SYS
0x82B30000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x82B39000 \SystemRoot\System32\Drivers\ksecdd.sys
0x83001000 \SystemRoot\system32\drivers\ndis.sys
0x8310C000 \SystemRoot\system32\drivers\msrpc.sys
0x83137000 \SystemRoot\system32\drivers\NETIO.SYS
0x83204000 \SystemRoot\System32\drivers\tcpip.sys
0x832EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x88203000 \SystemRoot\System32\Drivers\Ntfs.sys
0x88313000 \SystemRoot\system32\drivers\volsnap.sys
0x8834C000 \SystemRoot\System32\Drivers\spldr.sys
0x88354000 \SystemRoot\System32\Drivers\mup.sys
0x88363000 \SystemRoot\System32\drivers\ecache.sys
0x8838A000 \SystemRoot\system32\drivers\disk.sys
0x8839B000 \SystemRoot\system32\drivers\crcdisk.sys
0x883C8000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x883D3000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x883DC000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x8D607000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x8DA47000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8DAE7000 \SystemRoot\System32\drivers\watchdog.sys
0x8DAF3000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8DAFD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8DB3B000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8DB4A000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8DB62000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8DB68000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys
0x8DB78000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
0x8DBC2000 \SystemRoot\system32\DRIVERS\ks.sys
0x8F804000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
0x8F907000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
0x8F9BB000 \SystemRoot\system32\drivers\modem.sys
0x83309000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8F9C8000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8DBEC000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x83396000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x883EC000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x833AD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x833D0000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x833DF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x83172000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x83187000 \SystemRoot\system32\DRIVERS\termdd.sys
0x833F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x83197000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8F9F7000 \SystemRoot\system32\DRIVERS\swenum.sys
0x831A2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x831AC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x831B9000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x831EE000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x91E03000 \SystemRoot\system32\drivers\stwrt.sys
0x91EA6000 \SystemRoot\system32\drivers\portcls.sys
0x91ED3000 \SystemRoot\system32\drivers\drmk.sys
0x91EF8000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x91F01000 \SystemRoot\System32\Drivers\Null.SYS
0x91F08000 \SystemRoot\System32\Drivers\Beep.SYS
0x91F18000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x91F1F000 \SystemRoot\System32\drivers\vga.sys
0x91F2B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x91F4C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x91F54000 \SystemRoot\system32\drivers\rdpencdd.sys
0x91F5C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x91F67000 \SystemRoot\System32\Drivers\Npfs.SYS
0x91F75000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x91F7E000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91F94000 \SystemRoot\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS
0x82BAA000 \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
0x91FED000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x91FF7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x82BD0000 \SystemRoot\system32\DRIVERS\smb.sys
0x807B7000 \SystemRoot\system32\drivers\afd.sys
0x92201000 \SystemRoot\System32\DRIVERS\netbt.sys
0x92233000 \SystemRoot\system32\DRIVERS\pacer.sys
0x92249000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x92260000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x9226D000 \SystemRoot\system32\DRIVERS\netbios.sys
0x9227B000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x9228E000 \SystemRoot\system32\drivers\N360\0501000.01D\Ironx86.SYS
0x922B2000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x922C7000 \SystemRoot\system32\drivers\N360\0501000.01D\SRTSPX.SYS
0x922D2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x9230E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x92317000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x92327000 \SystemRoot\system32\drivers\nsiproxy.sys
0x9238F000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0x805D1000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0x82BE4000 \SystemRoot\System32\Drivers\dfsc.sys
0x92A07000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys
0x92AD3000 \SystemRoot\System32\Drivers\crashdmp.sys
0x92AE0000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x92AEA000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x92AF7000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x92AFF000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x92B07000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x92B0F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9B2D0000 \SystemRoot\System32\win32k.sys
0x92B18000 \SystemRoot\System32\drivers\Dxapi.sys
0x92B22000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9B4F0000 \SystemRoot\System32\TSDDD.dll
0x9B510000 \SystemRoot\System32\cdd.dll
0x92B31000 \SystemRoot\system32\drivers\luafv.sys
0x9FC0D000 \SystemRoot\system32\drivers\spsys.sys
0x9FCBD000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x9FCCD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9FCE0000 \SystemRoot\system32\drivers\HTTP.sys
0x9FD4D000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9FD6A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9FD83000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9FD98000 \SystemRoot\system32\drivers\mrxdav.sys
0x9FDB9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x92B54000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9FDD8000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x92B8D000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA0C0B000 \SystemRoot\System32\DRIVERS\srv.sys
0xA0C5A000 \SystemRoot\system32\DRIVERS\dsunidrv.sys
0xA0C5C000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xA0C60000 \SystemRoot\System32\Drivers\fastfat.SYS
0xA0C88000 \SystemRoot\system32\drivers\peauth.sys
0xA0D66000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA0D70000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA0D7C000 \SystemRoot\system32\DRIVERS\xaudio.sys
0xA0D84000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA0D99000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA6602000 \SystemRoot\System32\Drivers\N360\0501000.01D\SRTSP.SYS
0xA6997000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA6800000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120110.032\NAVEX15.SYS
0xA6980000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120110.032\NAVENG.SYS
0xA6688000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120110.002\IDSvix86.sys
0xA69AD000 \SystemRoot\System32\Drivers\BTHUSB.sys
0xA66E6000 \SystemRoot\System32\Drivers\bthport.sys
0xA69BA000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0xA69E3000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0xA6766000 \SystemRoot\system32\DRIVERS\bthpan.sys
0xA69ED000 \SystemRoot\system32\DRIVERS\hidbth.sys
0xA6780000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77350000 \Windows\System32\ntdll.dll

Processes (total 68):
0 System Idle Process
4 System
400 C:\Windows\System32\smss.exe
480 csrss.exe
532 C:\Windows\System32\wininit.exe
544 csrss.exe
576 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
644 C:\Windows\System32\winlogon.exe
780 C:\Windows\System32\svchost.exe
844 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1056 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1144 C:\Windows\System32\audiodg.exe
1176 C:\Windows\System32\svchost.exe
1196 C:\Windows\System32\SLsvc.exe
1232 C:\Windows\System32\svchost.exe
1356 C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
1428 C:\Windows\System32\svchost.exe
1612 C:\Windows\System32\spoolsv.exe
1644 C:\Windows\System32\svchost.exe
1856 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
1876 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1908 C:\Program Files\Bonjour\mDNSResponder.exe
1920 C:\Windows\System32\svchost.exe
1964 C:\Windows\System32\dldtcoms.exe
2008 C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
320 C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
1188 C:\Windows\System32\svchost.exe
1344 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
2084 C:\Program Files\Dell DataSafe Local Backup\SftService.exe
2112 C:\Windows\System32\svchost.exe
2168 C:\Windows\System32\svchost.exe
2248 C:\Windows\System32\SearchIndexer.exe
2280 C:\Windows\System32\drivers\XAudio.exe
2552 C:\Windows\System32\taskeng.exe
2560 WUDFHost.exe
2916 dllhost.exe
3128 C:\Windows\System32\svchost.exe
3880 C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
3648 C:\Windows\System32\taskeng.exe
1124 C:\Program Files\Dell DataSafe Local Backup\Toaster.exe
3784 C:\Program Files\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
3740 C:\Program Files\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
4140 C:\Windows\explorer.exe
4148 C:\Windows\System32\dwm.exe
5928 C:\Windows\sttray.exe
5936 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
5952 C:\Program Files\QuickTime\QTTask.exe
5960 C:\Program Files\iTunes\iTunesHelper.exe
5972 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
5996 C:\Program Files\Common Files\Java\Java Update\jusched.exe
6048 C:\Windows\ehome\ehtray.exe
5144 C:\Program Files\Windows Media Player\wmpnscfg.exe
3492 C:\Program Files\Windows Media Player\wmpnetwk.exe
5336 C:\Program Files\SetPoint\SetPoint.exe
3512 C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
5992 C:\Windows\ehome\ehmsas.exe
3804 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
5708 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
1408 C:\Program Files\iPod\bin\iPodService.exe
2516 C:\Program Files\Internet Explorer\iexplore.exe
3252 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
5732 C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
424 C:\Program Files\Internet Explorer\iexplore.exe
7688 C:\Users\Bruce\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`82800000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)

PhysicalDrive0 Model Number: ST3250820AS, Rev: 3.AD

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows Vista MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979

Bruce C
2012-01-11, 20:03
Hi Scolabar, As always thanks for your help and patience. I don't think I had any problems . If the imfo. I pasted is what you were looking for then I did not . I'm always a little unsure when I don't see some of the exact imfo. that you provided ie; a_d_13 but I think I got it right.
Thanks ,Bruce

Scolabar
2012-01-12, 12:29
Hi Bruce C,

Thank you, those were the logs I was after. :bigthumb:
I hope the trip the hospital went OK.

Congratulations and well done! I can now confirm that your system now appears to be clean. :2thumb:

Now that your computer appears to clear of malware infection we need to tidy a few things up and deal with a few remaining items: :cleaning:
Step 1:

It's now time for some housekeeping. Please follow the instructions below to remove the tools we have used to clean up your computer.

OTL - Cleanup

Right-click on OTL.exe and select the Run As Administrator option to launch the program. If you receive a UAC prompt, please allow it.
This will remove most, if not all, of the tools we used to clean your PC.
Close all other programs apart from OTL as this step will require a reboot.
On the OTL main screen, press the CleanUp! button.
Click on the Yes button at the prompt and then allow the program to reboot your computer.
Remove Tools Used

You can now safely delete the tools used in cleaning up the infection. Please remove the following tools from your system along with any related .zip files.


MBRCheck.exe
RKUnhookerLE.exe
SecurityCheck.exe

Please Note: These tools are updated on a regular basis and so, if required in future, should be downloaded afresh under supervision.

Step 2:
Create Clean System Restore Point

Create a new, clean System Restore point which be used in the event of future system problems:

Click on Start > All Programs > Accessories > System Tools > System Restore.
Select the Create a restore point option then click on Next.
You can name your new Restore Point something like All Clean, for example, and then select Create.
Once the Restore Point has been created you can click on Close.
Now remove old, infected System Restore points:
Next click on Start > Run.
Copy and Paste the following command into the text entry box:

cleanmgr
Then click on the OK button.
Make sure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore and click on the Clean up... button and reply Yes to the prompt.
Click on the OK button and the Yes button to confirm.
Step 3:
Security Vulnerabilities

I cannot stress how important it is to address the following security vulnerabilities. If you don't keep your Operating System and Internet Explorer up-to-date the computer will be open to re-infection.

The same equally applies to the programs you use. Please see the Further Guidelines section below for more information on keeping your programs up-to-date in future.


Outdated Adobe Reader

It is strongly recommended that you update to the current version of Adobe Reader X - 10.1.2.
Older versions of Adobe Reader are known to have vunerabilities that can be exploited by malware to infect your system.

Download the latest available version from here (http://get.adobe.com/uk/reader/).
Before proceeding any further uninstall all previous versions of Adobe Reader.
Then run the newly downloaded Adobe Reader installer.
Please Note: Remember to Uncheck the Free McAfee® Security Scan Plus if you do not want or need it.

Step 4:
Improve Your Computer's Security

MalwareBytes' AntiMalware
It is worth keeping MalwareBytes' AntiMalware on your system. Updating the program and running a scan once every couple of weeks will help you to keep malware free.

Below are additional (free) programs that can help improve your computer's security.
Many feel that having a "layered" protection scheme is beneficial. You'll need to decide what works best for your situation. You may like to give them a try. :)


WinPatrol
Download it from Copyright © BillP Studios (http://www.winpatrol.com/download.html).
Information about how WinPatrol works, is available here (http://www.winpatrol.com/features.html).
(The free version of WinPatrol provides limited real-time protection.)

SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from here (http://www.siteadvisor.com/).

SpywareBlaster
Download and install Javacool's SpywareBlaster from Here (http://www.javacoolsoftware.com/spywareblaster.html).
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Web of Trust (WOT)
Install Web of Trust (WOT). WOT keeps you from dangerous websites with warnings and blockings.
You can find more information about the program and download it from Here (http://www.siteadvisor.com/).

MVPS Hosts
For added protection you may also like to add a hosts file. A simple explanation of what a Hosts file does is provided here (http://forum.malwareremoval.com/viewtopic.php?t=22187).
Install MVPS Hosts File from here (http://mvps.org/winhelp2002/hosts.htm).
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can read the Tutorial here (http://www.mvps.org/winhelp2002/hosts.htm).

Panda USB Vaccine
Protect your computer from removable or USB drive infections with Panda USB Vaccine. It is an effective method of preventing the spread of malware.
You can download and learn more about this product from Here (http://www.pandasecurity.com/homeusers/downloads/usbvaccine/).

Step 5:
Further Guidelines

Please follow these simple guidelines in order to help keep your computer more secure:


Update your Anti-virus program and other programs regularly.
Online Secunia Software Inspector (http://secunia.com/vulnerability_scanning/online/) - © Secunia.
FileHippo.com Update Checker (http://www.filehippo.com/updatechecker/) - © FileHippo.com
F-secure Health Check (http://www.f-secure.com/en_EMEA/security/security-center/health-check/) - © F-Secure Corporation.

Visit Microsoft often
Keep on top of critical updates, as well as other updates for your computer.
Using Windows Update in Windows Vista (http://www.microsoft.com/windows/downloads/windowsupdate/learn/windowsvista.mspx#ESC)
What is Windows Update? (http://www.microsoft.com/windows/downloads/windowsupdate/default.mspx)
Microsoft Update Home (http://www.update.microsoft.com)

Read, stay informed.
To help minimize the chances of becoming re-infected, please read:
Computer Security - a short guide to staying safer online (http://www.malwareremoval.com/forum/viewtopic.php?p=557960#p557960)

If your computer is running slowly after your clean up, please read:
What to do if your Computer is running slowly (http://www.malwareremoval.com/tutorials/runningslowly.php)

Please confirm that you have completed the cleanup steps and reviewed the rest of the post.
Once your reply has been received, unless there are other malware questions or concerns, this topic will be closed as resolved.

Stay Safe! ;)
Scolabar

Bruce C
2012-01-14, 21:04
I got halfway there yesterday before I was interupted, I'lll finish it up this afternoon , Thanks , Bruce

Bruce C
2012-01-15, 22:59
Please help. My husband finished #4 on step 2. We need to start at #4, however cannot find the start>Run. Can you get us to where #5 starts.

Thank you

Scolabar
2012-01-16, 17:43
Hi Bruce C,

Apologies for the oversight. I provided instructions for Windows XP instead of Vista. :red:
Please replace Step 2 with the instructions below and then continue with the rest of the instructions:

Step 2:
Create Clean System Restore Point

Create a new, clean System Restore point which be used in the event of future system problems:

Reset System Restore:
Select Start > Right-click on Computer > select Properties.
In the left-hand pane click on the System Protection option.
Under the System Protection tab.
Select the drive letter where Windows is located (usually C: drive) indicates System protection ON.
(This indicates System Restore is turned ON for the Windows drive).
Click on the Configure button.
Select the Turn off system protection option and then click on the Apply button.
Click on the Yes button to accept the pop-up confirmation.
Click on the OK button and close the System window in the Control Panel.
This will remove all restore points and clear all the old stored system files once the computer has been restarted.
Restart your computer.

Turn ON System Restore:
As soon as the computer has restarted and you have logged back on:
Select Start > Right-click on Computer > select Properties.
In the left-hand pane click on the System Protection option.
Under the System Protection tab.
Select the drive letter where Windows is located (usually C: drive). This will now be indicated by System protection OFF.
(This will indicate that System Restore is currently turned OFF for the Windows drive).
Click on the Configure button.
Select the Restore system settings and previous versions of files option, click on the Apply button and then click on the OK button.
Click on the OK button and close the System window in the Control Panel.
You now have a clean restore point to use if you need to restore your system.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Scolabar
2012-01-19, 07:10
Hi Bruce C,

It has been over 48 hours since my last post.

Did you manage to complete the instructions?
Do you still need help?
Do you need more time?
Are you having problems following the instructions?
In line with Safer-Networking's Forum Guidelines, topics will be closed after 3 days without a response.
If you do not reply within the next 24 hours, this topic will be closed.

Scolabar
--------------------------------------------------------------------------
No Reply Within 3 Days Will Result In Your Topic Being Closed

Cypher
2012-01-21, 12:28
This topic has been archived due to inactivity.

If it has been three days or more since your last post, and the helper assisting you posted a response to which you did not reply, your thread will not be re-opened. At that point, if you still require help, please start a new topic and include a new DDS log with a link to your previous thread. Please do not add any logs that might have been requested previously, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send your helper a private message (pm). A valid, working link to the closed topic is required.