Jump to content

Malware reappears after removal: PUM.UserWLoad, Trojan.Ransom


maa

Recommended Posts

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Link to post
Share on other sites

OTL.txt:

OTL logfile created on: 1/2/2013 6:49:10 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mario\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 33.68% Memory free

6.20 Gb Paging File | 4.41 Gb Available in Paging File | 71.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138.96 Gb Total Space | 3.03 Gb Free Space | 2.18% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 6.75 Gb Free Space | 67.50% Space Free | Partition Type: NTFS

Drive F: | 465.76 Gb Total Space | 35.95 Gb Free Space | 7.72% Space Free | Partition Type: NTFS

Computer Name: NOFACE | User Name: Mario | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/02 18:45:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe

PRC - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012/10/02 14:29:14 | 000,864,616 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

PRC - [2012/10/02 14:28:55 | 001,820,520 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

PRC - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2012/02/03 12:34:58 | 000,793,048 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe

PRC - [2012/02/03 12:34:56 | 000,103,896 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

PRC - [2011/06/17 12:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe

PRC - [2010/12/16 10:57:20 | 000,956,416 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe

PRC - [2009/08/17 09:52:08 | 002,043,904 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

PRC - [2009/08/17 09:52:08 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

PRC - [2009/08/17 09:50:32 | 008,919,040 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

PRC - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

PRC - [2009/05/21 09:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe

PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2008/09/19 07:30:34 | 003,674,112 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe

PRC - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe

PRC - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe

PRC - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2007/03/26 14:00:04 | 000,102,400 | ---- | M] (Bentley Systems, Incorporated) -- C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe

PRC - [2007/02/08 00:16:24 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe

PRC - [2006/11/28 05:34:38 | 000,134,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe

PRC - [2006/11/28 05:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe

PRC - [2006/11/28 05:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe

PRC - [2006/11/22 16:12:36 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe

PRC - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

PRC - [2006/11/12 01:19:46 | 000,446,976 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe

PRC - [2006/10/20 16:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

PRC - [2006/09/29 11:39:20 | 000,151,552 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

========== Modules (No Company Name) ==========

MOD - [2012/12/14 13:26:59 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\d1cdb687ca296d0e95ff3abe946cb3c7\Microsoft.VisualBasic.ni.dll

MOD - [2012/12/14 13:25:50 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\6525d5b1a3b2cbea3301959a47b353c2\System.ServiceProcess.ni.dll

MOD - [2012/12/14 13:25:46 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\ac05afefb5b28893d44ec451da0e6d4e\System.Web.ni.dll

MOD - [2012/12/14 13:25:38 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\2633dbf77be293b3a8693b6b062fd787\System.Runtime.Remoting.ni.dll

MOD - [2012/12/14 13:25:27 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\d08cb6b1c4052e6f5a4e2452870d67d7\System.Management.ni.dll

MOD - [2012/12/14 13:25:20 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7f15d0cb7e4f87f86e425d5ffe7e8280\System.Configuration.ni.dll

MOD - [2012/12/14 13:23:40 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\741164a3e36f879b9f9e3ff176465127\System.Xml.ni.dll

MOD - [2012/12/14 13:23:24 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\22e554f2c4da53c07e4815a24e2d50e2\System.Windows.Forms.ni.dll

MOD - [2012/12/14 13:23:15 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\2c6cd37f29fc76d6c2ed6bbed202d82c\System.Drawing.ni.dll

MOD - [2012/12/14 13:23:06 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ee724aeea5f1b9d8a01fa6047fd2ef99\System.Data.ni.dll

MOD - [2012/12/14 13:22:27 | 007,976,960 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\b2052acbbbba4f98585196872195e009\System.ni.dll

MOD - [2012/12/14 13:22:17 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7ad9c44df3b85848590e63f13fc59804\mscorlib.ni.dll

MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe

MOD - [2010/12/16 10:36:18 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll

MOD - [2010/12/16 10:36:16 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll

MOD - [2010/12/16 10:36:10 | 000,200,704 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libpcre.dll

MOD - [2009/08/17 09:26:24 | 000,049,152 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\Memeo.API.dll

MOD - [2009/07/29 15:24:14 | 000,504,293 | ---- | M] () -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\sqlite3.dll

MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MOD - [2006/10/26 15:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL

========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)

SRV - [2012/12/12 23:31:58 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/10/27 13:06:25 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/10/10 21:15:04 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012/10/02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/02/03 12:34:58 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)

SRV - [2011/06/17 12:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)

SRV - [2010/04/15 08:38:29 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)

SRV - [2009/11/06 11:00:44 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2009/08/17 09:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2009/06/16 08:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2008/09/19 03:03:58 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)

SRV - [2008/08/13 17:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter)

SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007/12/12 17:32:20 | 001,253,568 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\RpcSandraSrv.exe -- (SandraTheSrv)

SRV - [2007/12/12 17:31:58 | 000,213,176 | ---- | M] (SiSoftware) [On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII.SP1\Win32\RpcDataSrv.exe -- (SandraDataSrv)

SRV - [2007/10/26 14:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2007/07/11 16:25:20 | 000,025,640 | R--- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)

SRV - [2007/03/26 14:00:04 | 000,102,400 | ---- | M] (Bentley Systems, Incorporated) [Auto | Running] -- C:\Program Files\Bentley\SELECTserver\Bentley.SelectServer.Gateway.exe -- (Bentley SELECT Server Gateway)

SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)

SRV - [2006/11/28 05:34:26 | 000,122,008 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)

SRV - [2006/11/28 05:34:18 | 001,962,136 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)

SRV - [2006/11/28 05:34:00 | 000,030,872 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)

SRV - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)

SRV - [2006/11/22 16:12:16 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)

SRV - [2006/11/07 12:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)

SRV - [2006/10/31 09:32:09 | 002,541,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)

SRV - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Mario\AppData\Local\Temp\catchme.sys -- (catchme)

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)

DRV - [2012/10/10 21:14:28 | 010,837,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2012/09/17 03:00:00 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121212.006\NAVEX15.SYS -- (NAVEX15)

DRV - [2012/09/17 03:00:00 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20121212.006\NAVENG.SYS -- (NAVENG)

DRV - [2012/07/31 19:34:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/07/31 19:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2009/11/08 22:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)

DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)

DRV - [2007/10/26 14:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)

DRV - [2007/06/09 19:27:59 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2007/02/08 19:05:30 | 000,028,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)

DRV - [2007/02/08 19:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)

DRV - [2007/01/31 13:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)

DRV - [2007/01/18 16:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)

DRV - [2006/11/22 15:17:06 | 000,274,328 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)

DRV - [2006/11/22 15:17:06 | 000,247,144 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)

DRV - [2006/11/22 15:17:06 | 000,025,448 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)

DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)

DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)

DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)

DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2006/10/26 11:01:34 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)

DRV - [2006/10/26 11:01:34 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)

DRV - [2006/10/06 13:26:16 | 000,406,672 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2006/08/17 14:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS'>http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7DKUS

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://support.dell.com/support/in [binary data over 200 bytes]

IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}

IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60341

IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7DLUS_en&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=OmyzwPx2JnLS6GhGmPVW8C6J31E?q={searchTerms}

IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "http://www.epcompanion.org"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - prefs.js..keyword.enabled: false

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.3146: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\@xmlauthor.com/downloads: C:\Windows\system32\npmirage.dll (XMLAuthor Inc.)

FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Mario\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)

FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\Mario\AppData\Roaming\nprhapengine.dll File not found

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mario\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/01/01 23:37:50 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/04 20:47:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 13:06:26 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 13:06:18 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\Mario\AppData\Roaming\Move Networks [2012/12/04 20:59:58 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/10/27 13:06:26 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/10/27 13:06:18 | 000,000,000 | ---D | M]

[2008/09/11 14:59:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\Mozilla\Extensions

[2010/08/13 18:44:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\extensions

[2010/02/10 11:24:27 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2010/07/22 07:32:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2012/10/22 17:59:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\5xwdjfww.New Profile1\extensions

[2012/07/15 19:13:38 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\5xwdjfww.New Profile1\extensions\isreaditlater@ideashower.com.xpi

[2008/05/03 23:13:59 | 000,001,504 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\searchplugins\imdb.xml

[2010/08/07 16:04:21 | 000,001,562 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\searchplugins\tableratings.xml

[2008/05/04 16:11:14 | 000,000,705 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\searchplugins\webster.xml

[2008/05/04 09:24:48 | 000,001,032 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\3l4hn9aq.default\searchplugins\wikipedia-eng.xml

[2012/10/27 13:06:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

[2012/12/04 20:59:58 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\MARIO\APPDATA\ROAMING\MOVE NETWORKS

[2012/10/27 13:06:26 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012/08/30 17:19:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012/10/13 15:50:30 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.epcompanion.org/

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}

CHR - homepage: http://www.epcompanion.org/

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mario\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll

CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll

CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL

CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

CHR - plugin: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll

CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll

CHR - plugin: DNA Plug-in (Enabled) = C:\Program Files\DNA\plugins\npbtdna.dll

CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

CHR - plugin: Java Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll

CHR - plugin: RealNetworks Rhapsody Player Engine (Enabled) = C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll

CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Mario\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\Mario\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll

CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

CHR - plugin: XMLAuthor Inc. npmirage (Enabled) = C:\Windows\system32\npmirage.dll

CHR - plugin: iTunes Application Detector (Enabled) = F:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

CHR - Extension: Speed Dial = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpdioedihjhncjafcpgbbjdpbbkikmi\2.5.2_0\

CHR - Extension: Springpad = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkmopoamfjnmppabeaphohombnjcjgla\6_0\

CHR - Extension: Quick Note = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok\1.4.2_0\

CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Mario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/12/16 14:30:27 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)

O2 - BHO: (IE Developer Toolbar BHO) - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\Toolbar\WebBrowser: (no name) - {10CECF4F-A96E-4803-8AC2-F565FB29FF47} - No CLSID value found.

O3 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )

O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)

O4 - HKLM..\Run: [RMAlert] C:\Program Files\PC Tools Registry Mechanic\Alert.exe (PC Tools)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)

O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)

O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)

O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1003..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1004..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)

O4 - HKU\S-1-5-21-293651391-2175594108-1919989058-1004..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - Startup: C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_91616670.lnk = C:\Users\Mario\AppData\Local\temp\_uninst_91616670.bat ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\S-1-5-21-293651391-2175594108-1919989058-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-293651391-2175594108-1919989058-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O9 - Extra Button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)

O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found

O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..Trusted Domains: msn.com ([moneycentral] https in Trusted sites)

O15 - HKU\S-1-5-21-293651391-2175594108-1919989058-1000\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} http://download.microsoft.com/download/7/1/D/71D9F11F-0C02-4707-9D60-D56EA8951020/pmupd806.exe (Reg Error: Key error.)

O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx (AcDcToday Control)

O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.10.2)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx (AcPreview Control)

O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{95BD10A2-992E-4E20-AAAE-45F7BB90EB14}: DhcpNameServer = 75.75.75.75 75.75.76.76

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)

O24 - Desktop WallPaper: C:\Users\Mario\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O24 - Desktop BackupWallPaper: C:\Users\Mario\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/08/05 15:57:05 | 000,000,073 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/02 18:44:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe

[2012/12/31 14:20:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2012/12/31 13:51:28 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\JavaRa

[2012/12/25 23:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2012/12/17 20:26:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012/12/16 14:34:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012/12/16 14:34:00 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2012/12/16 14:34:00 | 000,000,000 | ---D | C] -- C:\Users\Mario\AppData\Local\temp

[2012/12/16 14:08:03 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012/12/16 14:08:03 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012/12/16 14:08:03 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012/12/16 14:07:47 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012/12/16 14:07:11 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2012/12/16 13:54:32 | 005,010,912 | R--- | C] (Swearware) -- C:\Users\Mario\Desktop\ComboFix.exe

[2012/12/15 12:23:22 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Mario\Desktop\tdsskiller.exe

[2012/12/14 15:07:02 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\DDS logs - 1st run

[2012/12/14 14:07:31 | 000,000,000 | ---D | C] -- C:\Users\Mario\Desktop\mbar-1.01.0.1011

[2012/12/13 02:04:19 | 000,052,584 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll

[2012/12/13 02:03:14 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation

[2012/12/12 23:33:44 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Mario\Desktop\dds.com

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/02 18:45:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mario\Desktop\OTL.exe

[2013/01/02 18:30:16 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/01/02 18:27:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-293651391-2175594108-1919989058-1000UA.job

[2013/01/02 18:19:02 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/01/02 18:17:56 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2013/01/02 18:17:56 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2013/01/02 18:17:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/01/02 00:08:11 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/01/01 20:49:56 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-293651391-2175594108-1919989058-1000Core.job

[2012/12/31 13:47:22 | 000,135,237 | ---- | M] () -- C:\Users\Mario\Desktop\JavaRa-2.0.zip

[2012/12/28 01:58:35 | 000,086,528 | ---- | M] () -- C:\Users\Mario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012/12/28 01:08:43 | 000,001,356 | ---- | M] () -- C:\Users\Mario\AppData\Local\d3d9caps.dat

[2012/12/25 23:06:36 | 000,000,847 | ---- | M] () -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_91616670.lnk

[2012/12/25 21:58:22 | 149,564,568 | ---- | M] () -- C:\Users\Mario\Desktop\setup_11.0.0.1245.x01_2012_12_26_05_15.exe

[2012/12/21 18:13:41 | 001,845,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2012/12/19 01:12:45 | 000,001,441 | ---- | M] () -- C:\scu.dat

[2012/12/17 20:28:23 | 000,002,048 | ---- | M] () -- C:\Users\Mario\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2012/12/16 14:30:27 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012/12/16 13:55:04 | 005,010,912 | R--- | M] (Swearware) -- C:\Users\Mario\Desktop\ComboFix.exe

[2012/12/15 12:23:40 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Mario\Desktop\tdsskiller.exe

[2012/12/14 14:52:53 | 000,615,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012/12/14 14:52:53 | 000,108,498 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012/12/14 14:14:56 | 000,029,882 | ---- | M] () -- C:\Users\Mario\Desktop\mbar message.jpg

[2012/12/14 13:16:26 | 013,485,902 | ---- | M] () -- C:\Users\Mario\Desktop\mbar-1.01.0.1011.zip

[2012/12/12 23:49:53 | 000,415,948 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2012/12/12 23:49:52 | 000,415,948 | ---- | M] () -- C:\ProgramData\nvModes.001

[2012/12/12 23:35:06 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Mario\Desktop\dds.com

[2012/12/12 22:52:36 | 000,022,494 | ---- | M] () -- C:\Users\Mario\Desktop\startup error.jpg

[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/31 13:47:18 | 000,135,237 | ---- | C] () -- C:\Users\Mario\Desktop\JavaRa-2.0.zip

[2012/12/25 23:06:36 | 000,000,847 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_91616670.lnk

[2012/12/25 21:56:16 | 149,564,568 | ---- | C] () -- C:\Users\Mario\Desktop\setup_11.0.0.1245.x01_2012_12_26_05_15.exe

[2012/12/17 23:37:48 | 000,001,441 | ---- | C] () -- C:\scu.dat

[2012/12/16 14:08:03 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012/12/16 14:08:03 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012/12/16 14:08:03 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012/12/16 14:08:03 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012/12/16 14:08:03 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012/12/14 14:14:56 | 000,029,882 | ---- | C] () -- C:\Users\Mario\Desktop\mbar message.jpg

[2012/12/14 13:15:53 | 013,485,902 | ---- | C] () -- C:\Users\Mario\Desktop\mbar-1.01.0.1011.zip

[2012/12/13 01:58:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

[2012/12/13 01:58:04 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

[2012/12/12 22:52:35 | 000,022,494 | ---- | C] () -- C:\Users\Mario\Desktop\startup error.jpg

[2012/10/27 22:37:36 | 005,664,546 | ---- | C] () -- C:\Users\Mario\firefox bookmarks1.html

[2012/04/05 23:20:43 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe

[2011/03/16 19:09:20 | 000,012,020 | -HS- | C] () -- C:\Users\Mario\AppData\Local\3130882944

[2010/04/13 16:04:40 | 000,005,083 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf

[2010/02/16 11:04:52 | 000,386,560 | ---- | C] () -- C:\Users\Mario\RCH_Stock_Market_Functions.xla

[2009/12/11 22:17:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2009/10/09 14:48:30 | 000,415,948 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2009/10/09 14:48:30 | 000,415,948 | ---- | C] () -- C:\ProgramData\nvModes.001

[2009/09/22 21:25:14 | 000,001,356 | ---- | C] () -- C:\Users\Mario\AppData\Local\d3d9caps.dat

[2009/07/10 12:15:34 | 000,004,924 | ---- | C] () -- C:\ProgramData\ojvzdisj.xda

[2009/03/24 10:30:57 | 000,004,096 | -H-- | C] () -- C:\Users\Mario\AppData\Local\keyfile3.drm

[2007/11/05 15:16:13 | 000,000,093 | ---- | C] () -- C:\Users\Mario\AppData\Local\fusioncache.dat

[2007/09/25 19:13:05 | 000,003,737 | ---- | C] () -- C:\Users\Mario\Desktop(2)

[2007/04/22 21:59:07 | 000,000,000 | ---- | C] () -- C:\Users\Mario\AppData\Roaming\wklnhst.dat

[2007/04/22 20:57:20 | 000,086,528 | ---- | C] () -- C:\Users\Mario\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

========== LOP Check ==========

[2009/05/05 16:50:08 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\.purple

[2012/11/14 08:09:01 | 000,000,000 | -HSD | M] -- C:\Users\Mario\AppData\Roaming\8A1713

[2010/11/08 22:56:37 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\AnvSoft

[2010/04/18 21:33:06 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Autodesk

[2007/11/05 16:30:59 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Bentley

[2009/05/15 16:33:11 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\DMCache

[2008/09/02 13:20:27 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\DNA

[2012/10/22 18:31:00 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Dropbox

[2012/11/14 20:07:23 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Fuoda

[2009/11/22 13:18:52 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Leadertech

[2012/11/13 19:27:35 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Luagod

[2012/11/13 19:25:39 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Papa

[2008/01/08 04:27:20 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\pdf995

[2009/02/11 13:45:34 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Pokerazor

[2011/12/28 22:31:41 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Stardock

[2009/04/30 13:40:21 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\TeamViewer

[2007/04/22 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Template

[2012/12/14 14:07:24 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\uTorrent

[2009/11/19 19:25:34 | 000,000,000 | ---D | M] -- C:\Users\Mario\AppData\Roaming\Western Digital

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 209 bytes -> C:\ProgramData\TEMP:B0A96209

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:8CEFE51A

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C05A8628

@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Link to post
Share on other sites

Extras.txt:

OTL Extras logfile created on: 1/2/2013 6:49:10 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mario\Desktop

Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 33.68% Memory free

6.20 Gb Paging File | 4.41 Gb Available in Paging File | 71.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 138.96 Gb Total Space | 3.03 Gb Free Space | 2.18% Space Free | Partition Type: NTFS

Drive D: | 10.00 Gb Total Space | 6.75 Gb Free Space | 67.50% Space Free | Partition Type: NTFS

Drive F: | 465.76 Gb Total Space | 35.95 Gb Free Space | 7.72% Space Free | Partition Type: NTFS

Computer Name: NOFACE | User Name: Mario | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Classes\<extension>]

.bat [@ = batfile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{1D8C2737-3837-4F4A-953B-E212C91E40DF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{2A5CE730-4572-4DC1-A5F6-A93F9227FD0A}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |

"{2CB19442-94FB-40B1-9D3C-E36BCEDE267B}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\rpcsandrasrv.exe |

"{5640303A-CA50-4D41-BEE3-417DE40D9C23}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5A22518E-F1AA-4958-894F-C7FAF4836282}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{5DB78D6E-6592-4C82-A554-E3E7EC35BAF1}" = rport=10243 | protocol=6 | dir=out | app=system |

"{63E1AC1B-57D3-4395-AE1C-C6591C635FE0}" = lport=rpc | protocol=6 | dir=in | app=c:\program files\sisoftware\sisoftware sandra lite xii.sp1\win32\rpcdatasrv.exe |

"{6660BA29-248E-499E-B8D0-88984AEDA131}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

"{8AB256E8-6F83-48CD-9936-21D54C7D659B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

"{A0573678-D080-4F7C-B90B-D71A8974FE41}" = lport=2869 | protocol=6 | dir=in | app=system |

"{C68C873F-9067-44C3-AF2F-EEBA8F55733A}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |

"{C834EFBF-4A23-49D8-A0BF-7666CD056A10}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{ECC09929-3F8C-4E17-9EF9-3BE2E6B12417}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |

"{EE52F220-D8A1-4FBF-B319-8CA5FC79F708}" = lport=10243 | protocol=6 | dir=in | app=system |

"{EEC304D6-AF8F-4C81-A742-562FE1E4CA0A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{F54E84E1-C9DD-48A5-8967-B7B9F8EB7886}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01EB3169-F627-43AA-99DD-4BFF745E92D0}" = protocol=6 | dir=in | app=f:\program files\itunes\itunes.exe |

"{0A42B183-7650-400B-ACAB-4A48A95849B1}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{184F61FE-4C6E-4D1C-A154-71B6354F8C27}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{18C2B24C-DD78-49AC-A3E4-D808B3AEA1DB}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |

"{19C70447-9B3C-43D5-9574-3F0EE26DB609}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{1C0F94DF-6A1D-435A-8259-71A459B52598}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{2237E4A8-53B4-4CDD-8F8D-DC0EFE968C44}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"{24EC1A1B-61EF-4BC3-A2F2-CF23FB9667EC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{2B6EFDD5-5BFD-4C8E-BB7B-A84483C873EC}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{2EE8A05F-637B-4FEB-9510-6E8859356064}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{349B43D0-D9F1-4958-9D83-119FBDF31122}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{35F9C0E1-A070-46B6-B5CF-8345F79C9857}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

"{44F8ADE0-35A7-4624-B5C9-6AB937DA8507}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5241BE76-D6C2-433A-B8C2-7AFBBEB3E277}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |

"{52E04BCD-EC4F-4F65-B51F-B930FF62CE75}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{533E2A8D-BABE-4A03-9A79-7D5F6F682775}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{551DCBCF-CFB3-4722-A251-AB76070B27B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5796C31A-5447-4806-B4C1-DBC0B685A02D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{5F5EA076-7E43-419C-BAFE-08DC210AD780}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{5F78A92A-33E0-4E29-9B2D-BC46EA0CA170}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{63066B05-76CA-43D4-B010-640624D19DB9}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{6BB0ABE5-19A0-4F32-BCB0-D7E2A538CB99}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |

"{7014662B-0856-48ED-92A3-24A2DC1D674E}" = protocol=6 | dir=in | app=c:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe |

"{716DB8F8-6BB0-4954-B8ED-C65D747E1B0E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |

"{74A98A37-E7BF-41ED-8AFC-E94EBFD7763E}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |

"{761CB22C-BE72-4EB3-ACC2-B6DF032C85B3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{769F72B2-57E7-401C-88E9-3E6D55EF8A55}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{76A32861-F7B8-484E-B107-CA16A19DF073}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{77AA929B-8E81-47ED-B2F5-E46903BF5A9E}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |

"{7C041B2E-01D1-4B2E-ACF5-0CF1BBB00C09}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{85EC71EB-99CA-43F3-8960-11D63FA5F94C}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{8BB629AC-EFE0-47C8-BAD7-D22E13F2673C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{8E3A54D8-7393-4D47-9AC7-21B29B52A7BC}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |

"{8EFB1E56-5DAD-418E-A34C-B0DFD0B6C28D}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9076E82D-B962-45AC-9255-095DBA9D66B8}" = protocol=6 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |

"{918DBF11-3008-4A27-A2D6-1C6388552CAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{9329DF39-092E-4BF4-A09C-099E1ADFBE29}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{94D9B2E2-7961-4E65-B703-4A045BADD5DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{98C9CE01-6219-46B6-8170-244BECB526EC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{9CEA3E03-073D-471A-9557-46D662C68E42}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{A326D819-1D83-4386-AA9C-FC86E736BC01}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |

"{A8DABBF7-8DB0-4F67-9B90-80B376A2B06E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{AEEE594D-D551-4E86-8979-62F9091C84D8}" = protocol=1 | dir=in | name=sisoftware database agent service (icmp-in) |

"{B2FAEA6A-FD17-4671-9F16-DB31A5C935E6}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |

"{B42F15C8-36DD-41B1-83C1-29E9F4900A83}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

"{B84103E0-B9D2-42B2-8D9F-DF7A848ED0AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |

"{BF531A01-F287-4902-89C4-A332439B4F45}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{BFFF63E0-ABB9-4B3A-99FD-580D85399AA1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{C1226EDA-1516-49B6-BF6C-F760D44E6F22}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |

"{C3E6AEFB-695C-46AF-B95B-0080E033DCBA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{CD62D56B-CC27-42B3-B436-0D4B32B858C5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

"{D187D326-A604-4D3F-B405-887C9FAE7013}" = protocol=6 | dir=out | app=system |

"{DC35B95F-53C0-41EA-8EA9-07BA6B52030E}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |

"{DCCA2BA7-0C32-4458-9B78-97DE9A8C5B59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |

"{DF353FCB-DE21-4851-8E63-347102507391}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{E3D5F0A2-E69D-4288-9EDD-E2CE81A69B99}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |

"{E504FDE3-89BB-468D-8ACE-CA29E0A437FF}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |

"{E54E3AAB-1AD2-472D-BE09-931BC5746792}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |

"{E5F5DB0B-A413-43D9-B381-A18E0454D031}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |

"{E9B83EBA-F297-439D-BF0E-1789E2B279B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{EBFFBB72-FA3F-45F2-92B4-D5A0D2D4284E}" = dir=in | app=c:\program files\skype\phone\skype.exe |

"{F01CEE94-0BB0-4040-929E-A346D6B27765}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |

"{F1C53632-37B2-4CCA-9396-9A21A10B445E}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |

"{FB41452E-5EA0-499A-B86D-44C47CFFC316}" = protocol=17 | dir=in | app=c:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe |

"{FC590F60-A952-4A71-86FC-E27481CECD72}" = protocol=17 | dir=in | app=c:\program files\symantec antivirus\rtvscan.exe |

"TCP Query User{186FAE04-743F-47E5-A6A1-63707891B742}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{3067B47A-341E-4877-8464-D9296EE20818}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |

"TCP Query User{385FD31A-83C7-4E3D-AFC2-0CED761A4283}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=6 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |

"TCP Query User{3B2E236E-80A1-4C81-9CCE-9C1C902CB572}C:\blp\wintrv\wintrv.exe" = protocol=6 | dir=in | app=c:\blp\wintrv\wintrv.exe |

"TCP Query User{3CFF1882-FE3A-42D6-BF3C-7F0CA83025C9}C:\blp\wintrv\wintrv.exe" = protocol=6 | dir=in | app=c:\blp\wintrv\wintrv.exe |

"TCP Query User{4D138DA9-3296-4243-A75F-AC8BDA7E11A9}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"TCP Query User{61943F57-2454-487A-B428-258DB6395D1E}F:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=f:\program files\itunes\itunes.exe |

"TCP Query User{66529CC3-6D70-44C3-BF2D-2CB19C0FBE60}C:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{66E35D12-7DFB-45ED-9F1B-B51F31A5E036}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"TCP Query User{6A959463-B5EE-44DF-A4F7-03D0FD6981EE}C:\program files\stc\qa_07_05\wwwroot\cbt.exe" = protocol=6 | dir=in | app=c:\program files\stc\qa_07_05\wwwroot\cbt.exe |

"TCP Query User{A48FAC7C-D986-45D5-8605-49713FF4B600}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"TCP Query User{B79367CC-BB30-4BF2-961C-E77F62061993}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |

"TCP Query User{E53EE2CC-FB3B-41CE-BB15-41FF02BFF493}C:\blp\api\bbcomm.exe" = protocol=6 | dir=in | app=c:\blp\api\bbcomm.exe |

"UDP Query User{07D67426-EEA1-4078-9A1A-C235078908C6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |

"UDP Query User{08D8E764-6F4D-438C-A5C3-0C3D80CD1B4D}C:\blp\api\bbcomm.exe" = protocol=17 | dir=in | app=c:\blp\api\bbcomm.exe |

"UDP Query User{0ACEFEAF-89E6-4639-8C92-400E600F9D7A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{75D156A4-BD5A-475C-98C0-A2FA2E6A50E7}C:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\mario\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{8F9373FE-9F09-49D3-BE39-B296075002FE}C:\program files\spyware terminator\spywareterminatorupdate.exe" = protocol=17 | dir=in | app=c:\program files\spyware terminator\spywareterminatorupdate.exe |

"UDP Query User{91C971D4-F07B-43A5-8F78-4727B9C1F13F}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |

"UDP Query User{B1181B10-79EE-4F59-9336-D482F30E602F}C:\program files\stc\qa_07_05\wwwroot\cbt.exe" = protocol=17 | dir=in | app=c:\program files\stc\qa_07_05\wwwroot\cbt.exe |

"UDP Query User{B20AE0CD-771A-4E76-8C0D-70B3F5A1E194}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |

"UDP Query User{D49376ED-3AC0-4469-81AA-F62E426B974C}C:\blp\wintrv\wintrv.exe" = protocol=17 | dir=in | app=c:\blp\wintrv\wintrv.exe |

"UDP Query User{E6B80DBA-98E5-4048-848E-F74263B7C8DD}C:\blp\wintrv\wintrv.exe" = protocol=17 | dir=in | app=c:\blp\wintrv\wintrv.exe |

"UDP Query User{F38FC82C-37C3-4055-9B68-0378C2001942}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |

"UDP Query User{F8382B6A-A389-4075-B432-07881876B0BA}C:\program files\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3

"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.1 (r518)

"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3

"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs

"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data

"{0DF34F71-6182-474F-B6FE-0B2AF069E6FD}" = VBA (2627.01)

"{0F756CD9-4A1E-409B-B101-601DDC4C03AA}" = Qualxserve Service Agreement

"{10CD364B-FFCC-48BE-B469-B9622A033075}" = Fences

"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1

"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard

"{14ECAABB-C8B9-4A09-92F7-CDF1A45B6DDE}" = Google Drive

"{159C13FA-82AF-4DD9-8BC9-5EA368613A20}" = WebEx Recorder and Player

"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin

"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets

"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server

"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth

"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)

"{26A24AE4-039D-4CA4-87B4-2F83217010FF}" = Java 7 Update 10

"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD

"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3

"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes

"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder

"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager

"{32A5AE69-72DD-4E99-BE79-27E1ED6F4F43}" = Bentley SELECT Server V8 XM Edition

"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module

"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant

"{3FA5E4CC-58ED-4ED0-AC9E-ED0759E9166E}" = RedistSysFiles

"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup

"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content

"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings

"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3

"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video

"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3

"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)

"{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002

"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English

"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3

"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides

"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy

"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler

"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All

"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3

"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files

"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash

"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel

"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour

"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3

"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{7C9E6E52-EB11-44DB-A761-82D5D873A8D9}" = Symantec AntiVirus

"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3

"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport

"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio

"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles

"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection

"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090

"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin

"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8DFB3904-FBDB-4C2B-AC98-20EFDD37C83D}" = GameTime+

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007

"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007

"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007

"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager

"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core

"{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core - English

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI

"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings

"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3

"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings

"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{AC8A37CB-39AD-46C2-9AB5-F6FBE037CC57}" = Bentley MicroStation V8 XM Edition 08.09.04.51

"{AFD9E698-03C2-4E88-80A6-1496562D4304}" = Google SketchUp 7.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3

"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3

"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3

"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BB65C393-C76E-4F06-9B0C-2124AA8AF97B}" = Adobe Flash Player 9 ActiveX

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2096}_is1" = SiSoftware Sandra Lite XII.SP1

"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3

"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX

"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update

"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE

"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240C2}" = WinZip 15.5

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files

"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3

"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE

"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings

"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime

"{DD7A785B-45C9-4DDB-A726-0889F7A9C006}" = WD SmartWare

"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings

"{E07B7A31-E160-466D-A003-3BB7B8989D52}" = Full Tilt Poker.Net

"{E31E2A9F-D76D-49DD-9851-930DD1B0A081}" = Poker Grapher

"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)

"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3

"{E7081891-BC7F-43F9-9CE6-B5DD2F497156}" = Internet Explorer Developer Toolbar

"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler

"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3

"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10

"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3

"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.1

"{F972403C-BFE4-49EB-82B8-10D0FDBD1BB1}" = VirtualDJ Home FREE

"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3

"7-Zip" = 7-Zip 4.57

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection

"Any Video Converter_is1" = Any Video Converter 3.1.0

"AutoCAD 2008 - English" = AutoCAD 2008 - English

"AutoHotkey" = AutoHotkey 1.0.48.05

"Bloomberg SFD Data Dictionary" = Bloomberg SFD Data Dictionary

"CCleaner" = CCleaner

"CinemaForge" = CinemaForge

"Cisco Connect" = Cisco Connect

"DivX Setup" = DivX Setup

"ENTERPRISE" = Microsoft Office Enterprise 2007

"ESET Online Scanner" = ESET Online Scanner v3

"Fences" = Fences

"Free iPod Video Converter_is1" = Free iPod Video Converter 1.26

"Google Desktop" = Google Desktop

"GTK 2.0" = GTK+ Runtime 2.12.1 rev b (remove only)

"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video

"KLiteCodecPack_is1" = K-Lite Codec Pack 2.27 Full

"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000

"McAfee Security Scan" = McAfee Security Scan Plus

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"MoneyToolbox" = MSN Money Investment Toolbox

"Mozilla Firefox 16.0.2 (x86 en-US)" = Mozilla Firefox 16.0.2 (x86 en-US)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Pdf995" = Pdf995

"Pidgin" = Pidgin

"Poker Tracker Version 2.16.03d_is1" = Poker Tracker Version 2.16.03d

"PokerAce Hud" = PokerAce Hud (remove only)

"Pokerazor" = Pokerazor 1.28

"PokerStars" = PokerStars

"PokerTracker3" = PokerTracker 3 (remove only)

"PowerISO" = PowerISO

"RealPlayer 6.0" = RealPlayer

"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.0

"VLC media player" = VLC media player 1.0.0

"WinRAR archiver" = WinRAR archiver

"Xvid_is1" = Xvid 1.2.2 final uninstall

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-293651391-2175594108-1919989058-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 2/11/2011 4:56:42 AM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

Error - 2/11/2011 4:56:51 AM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

Error - 2/11/2011 7:59:46 PM | Computer Name = NoFace | Source = Application Error | ID = 1000

Description = Faulting application postgres.exe, version 8.3.4.8262, time stamp

0x48d39b63, faulting module kernel32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,

exception code 0xc0000142, fault offset 0x00009f7d, process id 0x15d0, application

start time 0x01cbca47c17107f7.

Error - 2/11/2011 8:41:44 PM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

Error - 2/11/2011 8:41:48 PM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

Error - 2/12/2011 12:57:18 AM | Computer Name = NoFace | Source = Application Error | ID = 1000

Description = Faulting application postgres.exe, version 8.3.4.8262, time stamp

0x48d39b63, faulting module kernel32.dll, version 6.0.6002.18327, time stamp 0x4cb73436,

exception code 0xc0000142, fault offset 0x00009f7d, process id 0x124c, application

start time 0x01cbca71525016ea.

Error - 2/12/2011 5:31:30 PM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

Error - 2/12/2011 5:31:31 PM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

Error - 2/13/2011 1:54:11 AM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

Error - 2/13/2011 1:54:13 AM | Computer Name = NoFace | Source = Microsoft-Windows-CAPI2 | ID = 131585

Description =

[ System Events ]

Error - 12/28/2012 2:13:45 AM | Computer Name = NoFace | Source = LSM | ID = 1048

Description =

Error - 12/28/2012 10:20:24 AM | Computer Name = NoFace | Source = LSM | ID = 1048

Description =

Error - 12/28/2012 11:34:50 AM | Computer Name = NoFace | Source = Service Control Manager | ID = 7011

Description =

Error - 12/30/2012 9:03:07 PM | Computer Name = NoFace | Source = LSM | ID = 1048

Description =

Error - 12/31/2012 2:37:14 PM | Computer Name = NoFace | Source = LSM | ID = 1048

Description =

Error - 12/31/2012 5:55:11 PM | Computer Name = NoFace | Source = LSM | ID = 1048

Description =

Error - 12/31/2012 6:01:08 PM | Computer Name = NoFace | Source = Service Control Manager | ID = 7022

Description =

Error - 1/2/2013 7:18:10 PM | Computer Name = NoFace | Source = LSM | ID = 1048

Description =

Error - 1/2/2013 7:23:01 PM | Computer Name = NoFace | Source = Service Control Manager | ID = 7022

Description =

Error - 1/2/2013 8:00:58 PM | Computer Name = NoFace | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20

Description =

< End of report >

Link to post
Share on other sites

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    O4 - Startup: C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_91616670.lnk = C:\Users\Mario\AppData\Local\temp\_uninst_91616670.bat ()
    :files
    ipconfig /flushdns /c
    :Commands
    [emptytemp]
    [clearallrestorepoints]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Please post the OTL fix log in your next reply.

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

Link to post
Share on other sites

After running this, the popup message on startup no longer appears. Here is the log:

All processes killed

========== OTL ==========

C:\Users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_91616670.lnk moved successfully.

C:\Users\Mario\AppData\Local\temp\_uninst_91616670.bat moved successfully.

========== FILES ==========

< ipconfig /flushdns /c >

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

C:\Users\Mario\Desktop\cmd.bat deleted successfully.

C:\Users\Mario\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Mario

->Temp folder emptied: 1758243217 bytes

->Temporary Internet Files folder emptied: 256642090 bytes

->Java cache emptied: 51051462 bytes

->FireFox cache emptied: 104176020 bytes

->Google Chrome cache emptied: 23274921 bytes

->Flash cache emptied: 4321070 bytes

User: postgres

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

User: Public

->Temp folder emptied: 0 bytes

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1457527563 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 8588315 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 3,494.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01082013_210101

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Link to post
Share on other sites

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Also, let me know how are things then.

Link to post
Share on other sites

Maniac,

Below is the log file from JRT. The popup no longer appears on startup and I haven't noticed any other issues. Should I uninstall any of the programs I ran through the course of this cleaning? Are there any other steps?

Thanks,

maa

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.4.2 (01.08.2013:1)

OS: Windows Vista Home Basic x86

Ran by Mario on Wed 01/09/2013 at 21:17:24.92

Blog: http://thisisudax.blogspot.com

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\searchscopes\\DefaultScope

Successfully repaired: [Registry Value] hkey_users\S-1-5-21-293651391-2175594108-1919989058-1000\software\microsoft\internet explorer\searchscopes\\DefaultScope

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Mario\appdata\locallow\boost_interprocess"

~~~ FireFox

Successfully deleted: [File] "C:\Users\Mario\AppData\Roaming\mozilla\firefox\profiles\3l4hn9aq.default\extensions\isreaditlater@ideashower.com.xpi"

Emptied folder: C:\Users\Mario\AppData\Roaming\mozilla\firefox\profiles\3l4hn9aq.default\minidumps [2 files]

Emptied folder: C:\Users\Mario\AppData\Roaming\mozilla\firefox\profiles\5xwdjfww.New Profile1\minidumps [17 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 01/09/2013 at 21:19:55.83

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Link to post
Share on other sites

Glad everything is fine there! :)

We could clean this mess.

Please run OTL and click on CleanUp button. Next, manually delete Kaspersky AVP, JavaRa, Junkware Removal Tool and Malwarebytes Anti-Rootkit. Finally, uninstall ESET Online Scanner.

Some malware prevention tips:

users.telenet.be/bluepatchy/miekiemoes/prevention.html

Safe surfing! :)

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.