Help, I can't open anything........


Anyone that can get me back up and running will be greatly appreciated here.

I can't get online, I can't open MB, I can't do anything. The only thing that pops up is a window asking me which application I'd like to use to open whatever it is that I clicked on--it doesn't matter if I try and open Firefox, MB, an app from a thumbdrive, or anything else. I've had to contact y'all from a completely separate computer.

I've had MB on my machine for several months now, and run it at least once every 2 weeks, and I even ran it yesterday, prior to contracting this virus.

Please help. I need the infected computer for work.

Thanks in advance.........

Hello, and welcome to Malwarebytes forum,

Let's see if we can use an alternative way to get some information.

OK, this file is big. Print these instructions out so that you know what you are doing.

Two programs to download

First

ISOBurner: this will allow you to burn the OTLPE ISO to a CD and make it bootable. Just install the program; from there on in it is fairly automatic. Instructions

Second

  • Download OTLPE.iso and burn to a CD using ISO Burner. NOTE: This file is 292Mb in size so it may take some time to download.
  • When downloaded double click and this will then open ISOBurner to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start. Change the following settings:
    • Change Drivers to Use Safelist
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.

Hello Elise. Thank you for replying so quickly. I do have an update on my situation. I was able to finally get MB running by right clicking and selecting "Run as Administrator". I then ran the "Full Scan", and MB did indeed find an infected file, which I then removed.

I'm now able to open everything normally, and those fake AV messages have stopped popping up as well.

However, is that all there is to it? Is there a way to tell if the virus was completely removed, or not. I trust the MB program. It's just that I had to help a friend remove a similar virus, with help from AdvancedSetup, and we ended up having to use about 12 separate tools, over the course of a week and a half, before I got the all clear signal for that machine.

Hello again,

That's good news B)

OTL

-----

Please download OTL from one of the following mirrors:

  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

GMER

-------

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.

-- If you encounter any problems, try running GMER in Safe Mode.

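As an added example (not code from this thread and not OldTimer's OTL tool), here is a small Python parser for the OTL report format the poster is being asked to produce: the same PRC/MOD/SRV/DRV line layout that appears in the OTL.txt posted later in this thread. It does the first pass a helper does by eye when answering "is it really gone?": it flags entries whose file carries no company name, entries running from user-writable folders, and files changed within a few days of the scan. The sample lines are constructed in OTL's format (the Temp-folder entry is a made-up placeholder), and the 7-day threshold and the USER_WRITABLE list are assumptions of this example, not OTL settings.

```python
"""Triage helper for the OTL report format.

Added example, not part of this thread and not OldTimer's OTL code. It
parses the PRC/MOD/SRV/DRV lines OTL writes and lists the entries a
helper would look at first. Every sample line below is constructed in
OTL's format (the Temp-folder entry is a made-up placeholder).
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# One OTL line, e.g.
#   SRV - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\...\Mcshield.exe -- (McShield)
# PRC/MOD lines have no "[state]" block and no trailing "-- (name)".
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| \S+ \| \w\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<state>[^\]]*)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]*)\).*)?$"
)

# Path fragments a standard user can write to (assumed list). Services,
# drivers and autostarts living here are not automatically bad, but they
# are the first thing a helper reads in a log like this one.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\programdata\\", "\\temp\\")


@dataclass
class OtlEntry:
    kind: str
    mtime: datetime
    size: int
    company: str
    state: Optional[str]
    path: str
    name: Optional[str]


def parse_line(line: str) -> Optional[OtlEntry]:
    """Parse one PRC/MOD/SRV/DRV line; return None for headers and other lines."""
    m = OTL_LINE.match(line.strip())
    if m is None:
        return None
    return OtlEntry(
        kind=m["kind"],
        mtime=datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        state=m["state"],
        path=m["path"].strip(),
        name=m["name"],
    )


def triage(entry: OtlEntry, scan_time: datetime, recent_days: int = 7) -> List[str]:
    """Reasons this entry deserves a closer look; an empty list means nothing stood out."""
    reasons: List[str] = []
    low = entry.path.lower()
    if not entry.company:
        # OTL prints "()" when the file carries no company name in its version info.
        reasons.append("no company name in file version info")
    if any(fragment in low for fragment in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    if scan_time - entry.mtime <= timedelta(days=recent_days):
        reasons.append(f"file modified within {recent_days} days of the scan")
    return reasons


def triage_report(lines, scan_time: datetime, recent_days: int = 7) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons, skipping lines that are not OTL entries."""
    report: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry, scan_time, recent_days)
        if reasons:
            report[entry.path] = reasons
    return report


# Constructed sample input in OTL's format; the scan time is the value a
# helper would read off the "OTL logfile created on" header.
SCAN_TIME = datetime(2010, 3, 5, 10, 5, 39)
SAMPLE_LINES = [
    r"========== Processes (SafeList) ==========",
    r"PRC - [2010/03/05 10:04:59 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\rich\Downloads\OTL.exe",
    r"PRC - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe",
    r"PRC - [2010/03/04 20:47:10 | 000,312,832 | ---- | M] () -- C:\Users\rich\AppData\Local\Temp\unknown_sample.exe",
    r"SRV - [2007/07/25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel",
    r"DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)",
]

if __name__ == "__main__":
    for path, reasons in triage_report(SAMPLE_LINES, SCAN_TIME).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run it and OTL.exe itself is flagged (it was downloaded into the user's profile minutes before the scan), which is the point: the rules rank what to read first, they do not decide what is malicious. A helper still verifies each flagged entry, while a McAfee process in Program Files with a company name and an old timestamp drops to the bottom of the list.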

OK, here's OTL.txt:

OTL logfile created on: 3/5/2010 10:05:39 AM - Run 1

OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\rich\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free

4.00 Gb Paging File | 2.00 Gb Available in Paging File | 58.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 220.30 Gb Total Space | 144.10 Gb Free Space | 65.41% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 4.74 Gb Free Space | 47.45% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RICH-PC

Current User Name: rich

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/05 10:04:59 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\rich\Downloads\OTL.exe

PRC - [2010/03/01 14:49:48 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2010/03/01 14:49:47 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2010/02/18 09:28:47 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2009/12/21 18:35:18 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

PRC - [2009/12/02 14:24:14 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

PRC - [2009/11/13 16:15:00 | 001,807,600 | ---- | M] () -- C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe

PRC - [2009/11/13 08:44:28 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\rich\Program Files\DNA\btdna.exe

PRC - [2009/10/29 06:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

PRC - [2009/09/16 10:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe

PRC - [2009/09/16 10:23:32 | 000,262,160 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\VirusScan\mcvsshld.exe

PRC - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe

PRC - [2009/09/02 22:50:31 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe

PRC - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

PRC - [2009/07/08 13:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSK\msksrver.exe

PRC - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/12/07 20:13:00 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2008/09/30 09:03:14 | 000,820,464 | ---- | M] (Dell Inc.) -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe

PRC - [2008/09/30 09:03:12 | 000,464,112 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell Remote Access\ezi_ra.exe

PRC - [2008/09/23 21:09:52 | 001,295,656 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DellDock.exe

PRC - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe

PRC - [2008/02/22 16:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2008/02/22 15:54:34 | 000,390,424 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

PRC - [2008/01/20 19:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe

PRC - [2008/01/20 19:23:32 | 000,319,544 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe

PRC - [2008/01/01 20:44:38 | 000,405,504 | ---- | M] (IDT, Inc.) -- C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe

PRC - [2008/01/01 20:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe

PRC - [2008/01/01 20:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEstSrv.exe

PRC - [2007/12/21 09:58:06 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe

PRC - [2007/12/02 22:58:54 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe

PRC - [2007/10/25 16:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe

PRC - [2007/10/25 16:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

PRC - [2007/10/25 16:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

PRC - [2007/07/25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe

PRC - [2007/07/25 15:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

PRC - [2007/07/18 06:26:42 | 000,775,952 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe

PRC - [2007/07/18 06:26:26 | 000,374,032 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe

PRC - [2007/07/18 06:26:26 | 000,320,784 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe

PRC - [2007/07/18 06:26:24 | 000,387,856 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDCountdown.exe

PRC - [2007/07/18 06:26:24 | 000,203,024 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe

PRC - [2007/02/12 12:38:04 | 000,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007/02/12 12:37:58 | 000,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2006/11/03 16:55:50 | 000,703,280 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

PRC - [2006/11/03 16:55:48 | 001,583,920 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

========== Modules (SafeList) ==========

MOD - [2010/03/05 10:04:59 | 000,553,984 | ---- | M] (OldTimer Tools) -- C:\Users\rich\Downloads\OTL.exe

MOD - [2009/04/10 23:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll

MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/03/01 14:49:47 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2009/12/18 15:09:19 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/12/04 15:16:18 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)

SRV - [2009/12/03 16:29:00 | 003,377,880 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)

SRV - [2009/12/02 14:24:14 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)

SRV - [2009/10/27 11:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/09/24 18:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)

SRV - [2009/09/16 10:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/09/16 09:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/09/16 08:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/07/09 23:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2009/07/08 13:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSK\MskSrver.exe -- (MSK80Service)

SRV - [2009/07/08 10:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 18:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2008/09/30 09:03:14 | 000,820,464 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe -- (hnmsvc)

SRV - [2008/09/23 21:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)

SRV - [2008/02/22 15:54:34 | 000,390,424 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (nicconfigsvc)

SRV - [2008/01/20 19:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008/01/01 20:44:32 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)

SRV - [2008/01/01 20:44:26 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEstSrv.exe -- (AESTFilters)

SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2007/07/25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2007/07/25 15:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2007/02/12 12:38:04 | 000,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®

========== Driver Services (SafeList) ==========

DRV - [2009/09/16 09:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/09/16 09:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/09/16 09:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)

DRV - [2009/09/16 09:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/09/16 09:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)

DRV - [2009/07/16 11:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)

DRV - [2009/04/22 13:47:36 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2009/04/10 21:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2009/01/07 16:57:58 | 000,030,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)

DRV - [2009/01/07 16:57:56 | 000,018,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)

DRV - [2008/06/17 11:01:06 | 000,022,016 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\packet.sys -- (Packet)

DRV - [2008/03/27 06:27:32 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)

DRV - [2008/01/20 19:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)

DRV - [2008/01/20 19:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)

DRV - [2008/01/20 19:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)

DRV - [2008/01/20 19:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)

DRV - [2008/01/20 19:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)

DRV - [2008/01/20 19:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)

DRV - [2008/01/20 19:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)

DRV - [2008/01/20 19:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®

DRV - [2008/01/20 19:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)

DRV - [2008/01/20 19:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)

DRV - [2008/01/20 19:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®

DRV - [2008/01/20 19:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)

DRV - [2008/01/20 19:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)

DRV - [2008/01/20 19:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)

DRV - [2008/01/20 19:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)

DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)

DRV - [2008/01/20 19:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)

DRV - [2008/01/20 19:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)

DRV - [2008/01/20 19:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)

DRV - [2008/01/20 19:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)

DRV - [2008/01/20 19:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)

DRV - [2008/01/20 19:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)

DRV - [2008/01/20 19:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)

DRV - [2008/01/20 19:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)

DRV - [2008/01/20 19:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)

DRV - [2008/01/20 19:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)

DRV - [2008/01/01 20:44:40 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/12/02 22:59:06 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Vfx.sys -- (OEM02Vfx)

DRV - [2007/12/02 22:58:50 | 000,235,648 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OEM02Dev.sys -- (OEM02Dev)

DRV - [2007/11/06 02:38:10 | 007,619,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)

DRV - [2007/10/11 19:00:54 | 003,647,384 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere AF(UVC)

DRV - [2007/10/11 19:00:43 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2007/10/11 19:00:20 | 000,066,456 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvselsus.sys -- (lvselsus)

DRV - [2007/10/11 19:00:09 | 002,091,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)

DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2007/10/11 18:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt)

DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)

DRV - [2007/08/13 02:44:26 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®

DRV - [2007/07/19 18:12:00 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)

DRV - [2007/07/18 06:30:28 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)

DRV - [2007/07/17 17:11:16 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)

DRV - [2007/07/17 17:11:14 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)

DRV - [2007/07/17 17:11:14 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)

DRV - [2006/11/06 18:37:16 | 000,078,128 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)

DRV - [2006/11/06 16:13:52 | 000,016,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)

DRV - [2006/11/06 16:13:50 | 000,080,176 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)

DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)

DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)

DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)

DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)

DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)

DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)

DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)

DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)

DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)

DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)

DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)

DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)

DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)

DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)

DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)

DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)

DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)

DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)

DRV - [2006/11/02 00:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3902164839-2512666668-2869086585-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1081208

IE - HKU\S-1-5-21-3902164839-2512666668-2869086585-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKU\S-1-5-21-3902164839-2512666668-2869086585-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=1081208

IE - HKU\S-1-5-21-3902164839-2512666668-2869086585-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-3902164839-2512666668-2869086585-1000\S-1-5-21-3902164839-2512666668-2869086585-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://online.wsj.com/public/us"

FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1

FF - prefs.js..extensions.enabledItems: iaplayer@instantaction.com:0.4.1.1

FF - prefs.js..extensions.enabledItems: {DD6E86C6-37DF-4648-BD81-6AA31185EB68}:1.9.1

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 09:28:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 09:28:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/12/04 15:11:07 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/12/17 20:56:02 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\Mozilla\Extensions

[2010/03/04 20:48:41 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\Mozilla\Firefox\Profiles\tu94khm9.default\extensions

[2009/06/25 09:02:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\rich\AppData\Roaming\Mozilla\Firefox\Profiles\tu94khm9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2009/02/28 12:43:57 | 000,000,000 | ---D | M] -- C:\Users\rich\AppData\Roaming\Mozilla\Firefox\Profiles\tu94khm9.default\extensions\iaplayer@instantaction.com

[2008/12/17 20:37:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/07/03 00:34:44 | 000,083,376 | ---- | M] (NHN USA Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll

[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

[2009/12/23 13:24:11 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2006/09/18 14:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-3902164839-2512666668-2869086585-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-3902164839-2512666668-2869086585-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe ()

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)

O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3902164839-2512666668-2869086585-1000..\Run: [bitTorrent DNA] C:\Users\rich\Program Files\DNA\btdna.exe (BitTorrent, Inc.)

O4 - HKU\S-1-5-21-3902164839-2512666668-2869086585-1000..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\S-1-5-21-3902164839-2512666668-2869086585-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O4 - Startup: C:\Users\rich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)

O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O13 - gopher Prefix: missing

O15 - HKU\S-1-5-21-3902164839-2512666668-2869086585-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-3902164839-2512666668-2869086585-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll File not found

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\dellwall3.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\dellwall3.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/04 11:51:33 | 000,000,000 | ---D | C] -- C:\Users\rich\Desktop\ProcessExplorer

[2010/03/04 11:48:53 | 000,000,000 | ---D | C] -- C:\Users\rich\Documents\ProcessExplorer[1]

[2010/03/04 00:20:46 | 000,000,000 | ---D | C] -- C:\Program Files\Win 32.Trojan.Keylogger Removal Tool

[2010/03/03 10:33:04 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Local\rfmapv

[2010/02/27 14:03:00 | 000,000,000 | ---D | C] -- C:\Users\rich\AppData\Local\bgocmv

[2010/02/25 09:14:28 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch

[2010/02/24 09:20:33 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2010/02/24 09:20:24 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2010/02/24 09:19:39 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll

[2010/02/24 09:19:39 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll

[2010/02/24 09:19:38 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe

[2010/02/24 09:19:37 | 000,518,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe

[2010/02/24 09:19:37 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe

[2010/02/24 09:19:37 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe

[2010/02/24 09:19:37 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll

[2010/02/24 09:19:37 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll

[2010/02/24 09:19:37 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll

[2010/02/24 09:19:30 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll

[2010/02/24 09:19:29 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll

[2010/02/24 09:19:29 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll

[2010/02/18 01:21:04 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll

[2010/02/10 09:28:43 | 003,600,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe

[2010/02/10 09:28:43 | 003,548,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe

[2010/02/10 09:28:35 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll

[2010/02/10 09:28:35 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll

[2010/02/10 09:28:35 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll

[2010/02/10 09:28:35 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll

[2009/01/24 22:57:09 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\rich\AppData\Roaming\DataSafeDotNet.exe

========== Files - Modified Within 30 Days ==========

[2010/03/05 10:05:16 | 002,097,152 | -HS- | M] () -- C:\Users\rich\NTUSER.DAT

[2010/03/05 09:41:05 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/03/05 09:11:28 | 000,022,665 | ---- | M] () -- C:\Windows\System32\Config.MPF

[2010/03/05 09:10:49 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010/03/05 09:10:48 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010/03/05 09:10:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/03/04 23:26:48 | 000,027,240 | ---- | M] () -- C:\Users\rich\AppData\Roaming\nvModes.dat

[2010/03/04 23:26:48 | 000,027,240 | ---- | M] () -- C:\Users\rich\AppData\Roaming\nvModes.001

[2010/03/04 19:41:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/03/04 14:35:44 | 000,426,637 | ---- | M] () -- C:\Users\rich\Desktop\logoMaterial.docx

[2010/03/04 14:29:58 | 000,014,905 | ---- | M] () -- C:\Users\rich\Desktop\griphon.jpg

[2010/03/04 13:31:49 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2010/03/04 13:31:49 | 000,595,684 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010/03/04 13:31:49 | 000,101,350 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010/03/04 13:23:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010/03/04 13:23:36 | 2145,452,032 | -HS- | M] () -- C:\hiberfil.sys

[2010/03/04 13:22:39 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2010/03/04 13:22:11 | 000,524,288 | -HS- | M] () -- C:\Users\rich\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2010/03/04 13:22:11 | 000,065,536 | -HS- | M] () -- C:\Users\rich\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2010/03/04 13:22:07 | 002,357,653 | -H-- | M] () -- C:\Users\rich\AppData\Local\IconCache.db

[2010/03/04 11:51:20 | 001,615,732 | ---- | M] () -- C:\Users\rich\Desktop\ProcessExplorer.zip

[2010/03/04 00:20:14 | 000,008,354 | -HS- | M] () -- C:\Users\rich\AppData\Local\jXP7U0T4

[2010/03/04 00:03:07 | 000,196,608 | -HS- | M] () -- C:\Users\rich\AppData\Local\MSASCui.exe

[2010/03/03 14:47:23 | 000,000,472 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010/03/03 14:26:01 | 000,090,486 | ---- | M] () -- C:\Users\rich\Desktop\placermining2.jpg

[2010/03/03 14:25:42 | 000,077,743 | ---- | M] () -- C:\Users\rich\Desktop\mining-equipment1.jpg

[2010/03/02 12:42:27 | 001,795,984 | ---- | M] () -- C:\Users\rich\Desktop\Extrac-TEC_Brochure-new.pdf

[2010/03/02 12:21:51 | 000,233,712 | ---- | M] () -- C:\Users\rich\Desktop\hpc-30-Feeder.pdf

[2010/03/02 12:18:58 | 000,641,650 | ---- | M] () -- C:\Users\rich\Documents\Mining Operation Vision V4......docx

[2010/03/01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\McQcTask.job

[2010/02/28 10:57:10 | 001,972,997 | ---- | M] () -- C:\Users\rich\Desktop\Doherty VoC Newsletter12-01-09-02-28-10.pdf

[2010/02/26 15:03:18 | 000,307,411 | ---- | M] () -- C:\Users\rich\Desktop\G00720.pdf

[2010/02/25 23:25:39 | 000,190,980 | ---- | M] () -- C:\Users\rich\Desktop\Chamonix-Zematt dossier 09-10.pdf

[2010/02/25 23:11:01 | 000,320,101 | ---- | M] () -- C:\Users\rich\Desktop\HC LTD Private Placement DRAFT 2.25.10.docx

[2010/02/25 09:11:33 | 000,073,832 | ---- | M] () -- C:\Users\rich\AppData\Local\GDIPFONTCACHEV1.DAT

[2010/02/25 09:09:20 | 000,304,160 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010/02/24 13:50:45 | 000,039,424 | ---- | M] () -- C:\Users\rich\Documents\Mining Operation Vision V3......doc

[2010/02/24 09:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010/02/22 10:42:10 | 062,370,282 | ---- | M] () -- C:\Users\rich\Desktop\ofr2008-1253.pdf

[2010/02/19 13:51:00 | 000,020,842 | ---- | M] () -- C:\Users\rich\Documents\Mining Operation Vision V3......docx

[2010/02/19 12:43:05 | 000,315,368 | ---- | M] () -- C:\Users\rich\Desktop\myb3-2007-ec.pdf

[2010/02/19 11:17:54 | 000,108,610 | ---- | M] () -- C:\Users\rich\Desktop\ecmyb04.pdf

[2010/02/19 10:50:43 | 000,019,180 | ---- | M] () -- C:\Users\rich\Documents\Mining Operation Vision V2......docx

[2010/02/18 13:05:53 | 000,021,730 | ---- | M] () -- C:\Users\rich\Documents\Mining Operation Vision......docx

[2010/02/18 11:47:48 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/02/15 01:00:00 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job

[2010/02/07 00:38:51 | 000,000,000 | ---- | M] () -- C:\Users\rich\AppData\Local\Vqidi.bin

[2010/02/07 00:38:50 | 000,000,120 | ---- | M] () -- C:\Users\rich\AppData\Local\Uwomijovapupike.dat

[2010/02/06 14:26:52 | 009,854,434 | ---- | M] () -- C:\Users\rich\Desktop\15) Geologists Report NI 43-101.pdf

[2010/02/03 11:48:51 | 006,529,129 | ---- | M] () -- C:\Users\rich\Desktop\HylanderEtal_CLEAN-07.pdf

[2010/02/03 11:28:14 | 000,043,501 | ---- | M] () -- C:\Users\rich\Desktop\MicronicParticleToMesh.jpg

========== Files Created - No Company Name ==========

[2010/03/04 14:35:43 | 000,426,637 | ---- | C] () -- C:\Users\rich\Desktop\logoMaterial.docx

[2010/03/04 14:24:30 | 000,014,905 | ---- | C] () -- C:\Users\rich\Desktop\griphon.jpg

[2010/03/04 11:51:11 | 001,615,732 | ---- | C] () -- C:\Users\rich\Desktop\ProcessExplorer.zip

[2010/03/04 00:01:32 | 000,196,608 | -HS- | C] () -- C:\Users\rich\AppData\Local\MSASCui.exe

[2010/03/04 00:01:04 | 000,008,354 | -HS- | C] () -- C:\Users\rich\AppData\Local\jXP7U0T4

[2010/03/03 14:26:00 | 000,090,486 | ---- | C] () -- C:\Users\rich\Desktop\placermining2.jpg

[2010/03/03 14:25:40 | 000,077,743 | ---- | C] () -- C:\Users\rich\Desktop\mining-equipment1.jpg

[2010/03/02 12:42:27 | 001,795,984 | ---- | C] () -- C:\Users\rich\Desktop\Extrac-TEC_Brochure-new.pdf

[2010/03/02 12:21:51 | 000,233,712 | ---- | C] () -- C:\Users\rich\Desktop\hpc-30-Feeder.pdf

[2010/03/02 12:18:57 | 000,641,650 | ---- | C] () -- C:\Users\rich\Documents\Mining Operation Vision V4......docx

[2010/02/28 10:57:10 | 001,972,997 | ---- | C] () -- C:\Users\rich\Desktop\Doherty VoC Newsletter12-01-09-02-28-10.pdf

[2010/02/26 15:03:18 | 000,307,411 | ---- | C] () -- C:\Users\rich\Desktop\G00720.pdf

[2010/02/25 23:25:39 | 000,190,980 | ---- | C] () -- C:\Users\rich\Desktop\Chamonix-Zematt dossier 09-10.pdf

[2010/02/25 23:10:52 | 000,320,101 | ---- | C] () -- C:\Users\rich\Desktop\HC LTD Private Placement DRAFT 2.25.10.docx

[2010/02/24 13:50:35 | 000,039,424 | ---- | C] () -- C:\Users\rich\Documents\Mining Operation Vision V3......doc

[2010/02/22 10:42:09 | 062,370,282 | ---- | C] () -- C:\Users\rich\Desktop\ofr2008-1253.pdf

[2010/02/19 12:43:05 | 000,315,368 | ---- | C] () -- C:\Users\rich\Desktop\myb3-2007-ec.pdf

[2010/02/19 11:17:54 | 000,108,610 | ---- | C] () -- C:\Users\rich\Desktop\ecmyb04.pdf

[2010/02/19 11:13:20 | 000,020,842 | ---- | C] () -- C:\Users\rich\Documents\Mining Operation Vision V3......docx

[2010/02/18 13:07:28 | 000,019,180 | ---- | C] () -- C:\Users\rich\Documents\Mining Operation Vision V2......docx

[2010/02/15 13:02:35 | 000,021,730 | ---- | C] () -- C:\Users\rich\Documents\Mining Operation Vision......docx

[2010/02/07 09:31:33 | 000,000,886 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/02/07 09:31:27 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/02/06 14:26:52 | 009,854,434 | ---- | C] () -- C:\Users\rich\Desktop\15) Geologists Report NI 43-101.pdf

[2010/02/03 11:48:51 | 006,529,129 | ---- | C] () -- C:\Users\rich\Desktop\HylanderEtal_CLEAN-07.pdf

[2010/02/03 11:28:12 | 000,043,501 | ---- | C] () -- C:\Users\rich\Desktop\MicronicParticleToMesh.jpg

[2010/02/02 17:51:58 | 000,000,120 | ---- | C] () -- C:\Users\rich\AppData\Local\Uwomijovapupike.dat

[2010/02/02 17:51:58 | 000,000,000 | ---- | C] () -- C:\Users\rich\AppData\Local\Vqidi.bin

[2009/12/08 22:09:20 | 000,000,680 | ---- | C] () -- C:\Users\rich\AppData\Local\d3d9caps.dat

[2009/11/30 12:33:46 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll

[2009/08/18 12:50:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009/02/28 20:05:42 | 000,001,992 | ---- | C] () -- C:\Users\rich\AppData\Roaming\wklnhst.dat

[2009/02/21 18:34:34 | 000,106,496 | ---- | C] () -- C:\Windows\System32\VSHP1020.DLL

[2008/12/25 11:15:37 | 000,059,500 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

[2008/12/17 20:58:32 | 000,018,944 | ---- | C] () -- C:\Users\rich\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/17 20:45:40 | 000,027,240 | ---- | C] () -- C:\Users\rich\AppData\Roaming\nvModes.001

[2008/12/17 20:45:38 | 000,027,240 | ---- | C] () -- C:\Users\rich\AppData\Roaming\nvModes.dat

[2008/12/07 21:45:41 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll

[2008/12/07 21:45:32 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

[2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys

[2007/07/25 15:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll

[2006/11/03 16:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll

[2006/11/02 05:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006/11/02 03:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5D432CE3

@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9638A27E

< End of report >

And then, here's Extras.txt:

OTL Extras logfile created on: 3/5/2010 10:05:39 AM - Run 1

OTL by OldTimer - Version 3.1.34.0 Folder = C:\Users\rich\Downloads

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18882)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 36.00% Memory free

4.00 Gb Paging File | 2.00 Gb Available in Paging File | 58.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 220.30 Gb Total Space | 144.10 Gb Free Space | 65.41% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 4.74 Gb Free Space | 47.45% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RICH-PC

Current User Name: rich

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3902164839-2512666668-2869086585-1000\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========


K....Elise, I've tried running GMER, as per your instructions, a couple of times now, and my laptop is not liking it.

It starts up and runs the initial scan fine. But each time I've clicked "Scan" it has run for a bit and then, the first time, the display driver crashed, was not able to recover, and I got a BSOD followed by a reboot. The second time GMER was running the scan but then stopped, saying it had experienced a problem, and was shutting down. The 3rd time, in Safe Mode, it said the same thing, that GMER had experienced a problem and was shutting down.

I turned off my AV protection, and closed all open programs before running it too.


Try to re-run GMER with the "devices" box unchecked.

OK, that worked. But when I try and paste the results below, I get a white page with the message "Method not Implemented.....". Uploading the log file does not work either, as it tells me that I'm "not permitted to upload this type of file".


Did you just copy/paste the text of the log or did you try to attach the logfile?

I tried both, with the copy/paste method first. It was that attempt that gave me the "Method not Implemented" page.

Then, when I tried to upload the logfile, as an attachment, I got the "you are not permitted to upload this type of file" message.


Okay, let's leave it out for now; with a bit of luck ComboFix will show me anything of importance.

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


K.... Now I'm feeling stupid. I've disabled Windows Firewall and McAfee's Security Center--and for McAfee that's both the AV protection and the Firewall Plus sections. But ComboFix will not start. It crashes, with no error or reason given, right after the short progress bar approaches completion.


No need to feel stupid :P

Can you try it in safe mode?

Hey Elise. Sorry for taking so long to respond.

Anyway, yes, I tried it in safe mode and the same thing happened.

Ya know, I don't know what the deal is. Granted last machine I ran this stuff on was using XP for an OS, vs Vista on mine, but still......


K.... Elise, I renamed the logfile that GMER generated, making sure that it was saved with the ".txt" extension, and it let me upload it as an attachment. So, I've attached the logfile to this post. I hope it comes through OK for you.

And thanks for all your patience, not to mention all your help.

GmerLog.txt


Thanks, that came through just fine :)

Now let's concentrate on Combofix.

Please rename combofix.exe to random.exe (right-click on the file and select "rename").

Try to run random.exe

K....Renaming it seemed to work just fine. So, here's the log file generated by Combofix:

ComboFix 10-03-06.06 - rich 03/07/2010 2:37.1.2 - x86

Microsoft


Hello,

P2P WARNING

-------------------

Going over your logs I noticed that you have BitTorrent installed.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a sm


Hello again Elise. OK, dunno where I picked up the BitTorrent app, but I deleted it. I do have an anti-virus program in the form of McAfee Security Suite. I know, I know, it's not the best. I'd much rather use something like Avira or ESET, but this came with the computer, and I still have a bunch of time left on the subscription. I don't know why it wouldn't show up in any of the scans as being installed.

Anyway, I have pasted the ComboFix log results below:

ComboFix 10-03-06.06 - rich 03/07/2010 10:14:04.2.2 - x86

Microsoft


And then, as per your instructions, here is the MB "Full Scan" log file:

Malwarebytes' Anti-Malware 1.44

Database version: 3833

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18882

3/7/2010 11:40:52 AM

mbam-log-2010-03-07 (11-40-52).txt

Scan type: Full Scan (C:\|D:\|)

Objects scanned: 250000

Time elapsed: 1 hour(s), 9 minute(s), 35 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


And sorry for the delay in posting the logs. I just ran the scans and posted them in the order that they finished.

Everything seems to be running fine. I just wanted to be sure that every trace of that thing is gone.

Thanks for all your help though. I really appreciate all the time and effort you have put into helping me.


Hello, no problem, I understand the scans take some time :P

We still have a few things to take care of though.

UPDATE JAVA

------------------

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 18.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.

  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586.exe to install the newest version.

-- If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.

-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.

-- The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
     ESET OnlineScan
  2. Click the esetOnline.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
     1. Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
     2. Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
     3. Check esetAcceptTerms.png
     4. Click the esetStart.png button.
     5. Accept any security warnings from your browser.
     6. Check esetScanArchives.png
     7. Push the Start button.
     8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
     9. When the scan completes, push esetListThreats.png
     10. Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
         Note - when ESET doesn't find any threats, no report will be created.
     11. Push the esetBack.png button.
     12. Push esetFinish.png

In your next reply, please include the following:
  • ESET online scan results
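Added here as an editor's example, not code from the thread or from Malwarebytes: a Python check that reads lines in the format of OTL's "HKEY_LOCAL_MACHINE Uninstall List" section, picks out the JRE entries, and applies the Java update rules given above (anything older than 6 Update 18 is outdated; the 6u18 installer removes Java 6 Update 10 and later on its own, older builds must be uninstalled by hand). The JRE display-name patterns and the all-zero GUIDs in the sample are assumptions; the "Java 6 Update 7" entry is the form an OTL log reports.

```python
import re

# Version the thread tells the user to install: JRE 6 Update 18.
TARGET = (6, 18)

# One line of the OTL "HKEY_LOCAL_MACHINE Uninstall List" section looks like
#   "{GUID}" = Display Name
OTL_ENTRY = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')

# Display names Sun's JRE installers have used (assumed forms, e.g.
# "Java 6 Update 7", "Java(TM) 6 Update 18", "J2SE Runtime Environment 5.0 Update 11").
JRE_NAME = re.compile(
    r'(?:Java(?:\(TM\))?(?: SE)?(?: Runtime Environment)?|J2SE Runtime Environment)'
    r'\s+(?P<major>\d+)(?:\.0)?(?:\s+Update\s+(?P<update>\d+))?',
    re.IGNORECASE,
)


def parse_jre_version(display_name):
    """Return (major, update) for a JRE display name, or None if it is not a JRE."""
    m = JRE_NAME.search(display_name)
    if not m:
        return None
    return int(m.group("major")), int(m.group("update") or 0)


def audit_java(otl_lines, target=TARGET):
    """Scan OTL Uninstall List lines and describe every JRE entry found.

    needs_manual_removal follows the thread's caveat: the 6u18 installer
    removes Java 6 Update 10 and later by itself; anything older must be
    uninstalled by hand before the new version goes on.
    """
    findings = []
    for line in otl_lines:
        entry = OTL_ENTRY.match(line.strip())
        if not entry:
            continue
        version = parse_jre_version(entry.group("name"))
        if version is None:
            continue
        outdated = version < target
        auto_removed = version[0] == target[0] and 10 <= version[1] < target[1]
        findings.append({
            "key": entry.group("key"),
            "name": entry.group("name"),
            "version": version,
            "outdated": outdated,
            "needs_manual_removal": outdated and not auto_removed,
        })
    return findings


# Constructed sample: the "Java 6 Update 7" line is the form seen in an OTL log;
# the all-zero GUIDs are placeholders, not real product codes.
SAMPLE_OTL_LINES = [
    '"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7',
    '"{00000000-0000-0000-0000-000000000001}" = Java(TM) 6 Update 15',
    '"{00000000-0000-0000-0000-000000000002}" = J2SE Runtime Environment 5.0 Update 11',
    '"{00000000-0000-0000-0000-000000000003}" = Google Update Helper',
    '"{00000000-0000-0000-0000-000000000004}" = Java(TM) 6 Update 18',
]

if __name__ == "__main__":
    for f in audit_java(SAMPLE_OTL_LINES):
        status = "current"
        if f["needs_manual_removal"]:
            status = "OUTDATED - uninstall manually"
        elif f["outdated"]:
            status = "outdated - 6u18 installer removes it"
        print(f'{f["name"]:45} {f["version"]}  {status}')
```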


OK.... As per your instructions, I ran the ESET scanner and generated the log contents pasted below. I do have one question though: I unchecked the "Fix infected files" box, was I supposed to do this? I made sure that "Scan Archives" was selected but your instructions didn't have any mention of the "Fix infected files" box, so I figured just to be safe, I unchecked it, knowing that I could just run the scan again and leave it checked off, if needed. Anyway, here's the logfile contents:

C:\Users\rich\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\4fcd05cf-310181bf probably a variant of Java/TrojanDownloader.Agent.AB trojan

C:\Users\rich\Downloads\Win-32.Trojan.Keylogger-Removal-Tool.exe probably unknown NewHeur_PE virus

This topic is now closed to further replies.