personal security guard removal

View previous topic View next topic Go down

personal security guard removal

Post by sldr1017 on Mon Dec 28, 2009 6:10 pm

I have attempted to use malware as specified in the user guide, however, I am unable to open the program. It seems that the malware program is being blocked.

sldr1017
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2009-12-28
OS OS : windows vista
Points Points : 25373
# Likes # Likes : 0

View user profile

Back to top Go down

Re: personal security guard removal

Post by Belahzur on Mon Dec 28, 2009 6:11 pm

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

OTL

Post by sldr1017 on Mon Dec 28, 2009 6:22 pm

OTL logfile created on: 12/28/2009 1:13:22 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Owner\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.69 Gb Total Space | 133.03 Gb Free Space | 59.21% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.87 Gb Free Space | 22.79% Space Free | Partition Type: NTFS
Drive E: | 35.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/28 13:13:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\Desktop\OTL.exe
PRC - [2009/12/27 22:26:17 | 01,351,680 | ---- | M] () -- C:\Program Files\PersonalSec\psecurity.exe
PRC - [2009/12/20 22:08:45 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/12/20 22:01:58 | 00,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/11/12 16:33:10 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/27 08:24:29 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/17 18:56:58 | 02,477,304 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
PRC - [2009/07/08 20:14:40 | 00,115,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2009/07/08 20:14:20 | 00,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/05/27 03:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) -- c:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/29 01:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/25 11:44:34 | 00,031,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008/09/29 07:07:00 | 00,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe
PRC - [2008/09/29 07:07:00 | 00,067,904 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2008/09/29 07:07:00 | 00,062,800 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
PRC - [2008/09/29 07:07:00 | 00,019,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe
PRC - [2008/06/06 02:21:00 | 00,094,376 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\Symantec\LiveUpdate Administrator\pgsql\bin\pg_ctl.exe
PRC - [2008/06/06 02:20:00 | 03,615,421 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\Symantec\LiveUpdate Administrator\pgsql\bin\postgres.exe
PRC - [2008/03/14 03:00:00 | 00,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
PRC - [2008/03/14 03:00:00 | 00,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe
PRC - [2008/03/14 03:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
PRC - [2008/03/14 03:00:00 | 00,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe
PRC - [2008/01/28 13:40:00 | 00,057,344 | ---- | M] (Apache Software Foundation) -- C:\Program Files\Symantec\LiveUpdate Administrator\tomcat\bin\tomcat5.exe
PRC - [2008/01/19 02:33:39 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/19 02:33:33 | 00,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
PRC - [2008/01/02 17:07:08 | 00,141,848 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxtray.exe
PRC - [2008/01/02 17:07:04 | 00,256,536 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.exe
PRC - [2008/01/02 17:07:02 | 00,133,656 | ---- | M] (Intel Corporation) -- C:\Windows\System32\igfxpers.exe
PRC - [2008/01/02 17:06:52 | 00,166,424 | ---- | M] (Intel Corporation) -- C:\Windows\System32\hkcmd.exe
PRC - [2007/12/12 15:20:48 | 21,686,568 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2007/11/01 16:13:26 | 00,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
PRC - [2007/08/30 17:43:18 | 00,103,664 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2007/04/23 20:11:42 | 00,262,243 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
PRC - [2007/03/14 14:07:30 | 00,062,984 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
PRC - [2007/03/11 06:21:50 | 00,159,744 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\Apoint.exe
PRC - [2007/02/12 09:38:04 | 00,355,096 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/02/12 09:37:58 | 00,174,872 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007/01/29 14:07:18 | 00,050,736 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApMsgFwd.exe
PRC - [2006/12/19 17:23:00 | 00,272,024 | ---- | M] () -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe
PRC - [2006/12/14 19:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/11/28 11:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2006/09/08 10:06:08 | 00,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\ApntEx.exe
PRC - [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe


========== Modules (SafeList) ==========

MOD - [2009/12/28 13:13:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\Desktop\OTL.exe
MOD - [2008/01/19 02:26:34 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/12/23 14:06:56 | 00,057,344 | R--- | M] (iS3, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2009/12/20 22:01:56 | 00,137,200 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/11/12 16:33:00 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/17 18:56:58 | 02,477,304 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2009/09/17 18:38:02 | 01,864,888 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService)
SRV - [2009/09/17 17:21:10 | 00,341,320 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC)
SRV - [2009/07/13 12:06:15 | 03,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/07/08 20:14:20 | 00,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2009/07/08 20:14:20 | 00,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/05/27 03:27:04 | 29,262,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\The Monticello Corporation\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$PTPROFESSIONAL41) SQL Server (PTPROFESSIONAL41)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/24 22:31:12 | 00,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 22:31:08 | 00,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 22:31:08 | 00,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/10/25 11:44:08 | 00,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008/09/29 07:07:00 | 00,143,088 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
SRV - [2008/09/29 07:07:00 | 00,067,904 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2008/09/29 07:07:00 | 00,062,800 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
SRV - [2008/09/29 07:07:00 | 00,019,456 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService)
SRV - [2008/06/06 02:21:00 | 00,094,376 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate Administrator\pgsql\bin\pg_ctl.exe -- (LUA PostgreSQL)
SRV - [2008/03/14 03:00:00 | 00,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2008/02/28 10:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/02/28 10:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Windows\System32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2008/01/28 13:40:00 | 00,057,344 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate Administrator\tomcat\bin\tomcat5.exe -- (LUATomcat)
SRV - [2008/01/19 02:38:24 | 00,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/08/16 08:56:16 | 00,309,744 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2007/08/16 08:56:14 | 00,166,384 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9)
SRV - [2007/08/16 08:56:10 | 01,092,080 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9)
SRV - [2007/07/24 05:14:08 | 00,088,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe -- (Roxio UPnP Renderer 9)
SRV - [2007/07/24 05:14:06 | 00,358,896 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe -- (Roxio Upnp Server 9)
SRV - [2007/04/23 20:11:44 | 00,106,593 | ---- | M] () [Auto | Stopped] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/04/23 20:11:42 | 00,262,243 | ---- | M] () [Auto | Running] -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/03/14 14:07:30 | 00,062,984 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2007/02/17 09:31:12 | 00,074,656 | R--- | M] (MicroVision Development, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - [2007/02/12 09:38:04 | 00,355,096 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2006/12/19 17:23:00 | 00,272,024 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe -- (RichVideo) Cyberlink RichVideo Service(CRVS)
SRV - [2006/12/14 19:49:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/11/28 11:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2006/11/02 07:35:29 | 00,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
SRV - [2006/10/26 16:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/05/02 16:41:28 | 00,135,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe -- (hpqwmiex)
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2009/12/28 00:01:07 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/12/14 10:24:24 | 00,163,600 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2009/12/07 16:59:32 | 00,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/09/17 18:38:10 | 00,092,488 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SYSTEM32\Drivers\SysPlant.sys -- (SysPlant)
DRV - [2009/09/17 18:31:50 | 00,042,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\WPSDRVnt.sys -- (WPS)
DRV - [2009/09/17 01:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091227.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/09/17 01:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/09/17 01:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/09/17 01:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20091227.023\NAVENG.SYS -- (NAVENG)
DRV - [2009/09/03 16:03:48 | 00,188,080 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2009/09/03 16:03:48 | 00,026,416 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2009/08/26 11:54:38 | 00,421,424 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2009/08/25 20:05:44 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2009/08/25 20:05:42 | 00,320,560 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2009/08/25 20:05:42 | 00,281,648 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2009/07/14 12:51:12 | 00,023,888 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\COH_Mon.sys -- (COH_Mon)
DRV - [2009/05/27 14:31:18 | 00,050,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Teefer2.sys -- (Teefer2)
DRV - [2009/05/18 13:17:00 | 00,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/04/20 22:12:14 | 00,149,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wpshelper.sys -- (WpsHelper)
DRV - [2009/03/05 22:59:00 | 00,036,864 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2008/09/29 07:07:00 | 00,340,592 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2008/09/29 07:07:00 | 00,090,360 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2008/09/29 07:07:00 | 00,074,648 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2008/09/29 07:07:00 | 00,064,432 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2008/09/29 07:07:00 | 00,062,704 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2008/09/29 07:07:00 | 00,042,424 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2008/03/04 01:32:00 | 00,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/19 00:57:15 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rootmdm.sys -- (ROOTMODEM)
DRV - [2008/01/19 00:53:23 | 00,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/02 16:48:28 | 02,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/02 16:48:28 | 02,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2007/05/01 03:00:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/04/30 14:59:30 | 00,160,768 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2007/04/18 07:03:26 | 00,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/03/21 17:02:04 | 00,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/01 07:49:58 | 02,216,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/02/24 09:42:22 | 00,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/12 09:36:54 | 00,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/02/07 04:16:00 | 00,196,096 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007/01/23 11:40:20 | 00,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/01/18 10:24:58 | 00,026,496 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RimSerial.sys -- (RimVSerPort)
DRV - [2006/12/07 10:05:58 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/12/07 10:04:36 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/12/07 10:04:26 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/30 12:24:58 | 00,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/11/28 11:44:52 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 04:51:45 | 00,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 00,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 00,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 00,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 00,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 00,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 00,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 00,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 00,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 00,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 00,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 00,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 00,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 00,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 00,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 00,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 00,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 00,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 00,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 00,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 00,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 00,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 04:49:30 | 00,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 04:49:28 | 00,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 04:49:20 | 00,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 03:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:41:49 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 02:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:30:54 | 01,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006/11/02 02:30:54 | 00,163,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e100b325.sys -- (E100B) Intel(R)
DRV - [2006/11/02 02:30:54 | 00,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 02:30:53 | 00,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/02 01:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/28 11:54:00 | 00,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2006/06/19 09:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: (743 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - No CLSID value found.
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [GrooveMonitor] C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [masqform.exe] C:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} [You must be registered and logged in to see this link.] (McFreeScan Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/16 06:22:04 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2005/08/26 08:21:36 | 00,000,056 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{47675dd5-b6e8-11dc-83c4-0016d3fccf20}\Shell - "" = AutoRun
O33 - MountPoints2\{47675dd5-b6e8-11dc-83c4-0016d3fccf20}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4767675b-b6e8-11dc-83c4-0016d3fccf20}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\taskmngr.exe -- File not found
O33 - MountPoints2\{4767675b-b6e8-11dc-83c4-0016d3fccf20}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\taskmngr.exe -- File not found
O33 - MountPoints2\{703b6ff9-a3f6-11dd-80ac-0016d3fccf20}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\taskmngr.exe -- File not found
O33 - MountPoints2\{703b6ff9-a3f6-11dd-80ac-0016d3fccf20}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\taskmngr.exe -- File not found
O33 - MountPoints2\{75df11c5-b05d-11dc-ba0a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{75df11c5-b05d-11dc-ba0a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SessionViewer.exe -- [2008/09/26 10:03:40 | 06,733,186 | R--- | M] (Macromedia, Inc.)
O33 - MountPoints2\{87411a09-cf13-11de-8246-0016d3fccf20}\Shell\AutoRun\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ROX.exe -- File not found
O33 - MountPoints2\{87411a09-cf13-11de-8246-0016d3fccf20}\Shell\open\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ROX.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk /p \??\F:) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/28 13:13:01 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\Desktop\OTL.exe
[2009/12/28 13:00:22 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2009/12/28 13:00:16 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/28 13:00:14 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/28 13:00:14 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/28 13:00:14 | 00,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2009/12/28 12:35:47 | 00,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2009/12/28 12:35:45 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/12/28 12:35:44 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2009/12/28 12:26:54 | 00,000,000 | ---D | C] -- C:\Windows\McAfee.com
[2009/12/28 12:11:18 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/12/28 12:11:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/12/28 12:11:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/12/28 12:10:25 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/12/28 11:55:46 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/12/28 00:03:03 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Symantec
[2009/12/28 00:02:57 | 00,149,768 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\wpshelper.sys
[2009/12/28 00:01:15 | 00,092,488 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SysPlant.sys
[2009/12/28 00:00:49 | 00,124,976 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/12/27 23:45:54 | 00,000,000 | ---D | C] -- C:\SEP
[2009/12/27 23:21:56 | 00,000,000 | ---D | C] -- C:\TempDownload
[2009/12/27 23:20:18 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/12/27 23:15:02 | 00,000,000 | ---D | C] -- C:\Users\Owner\Desktop\Desktop\SEP_11_0_5002_333_RU5_CD2
[2009/12/27 23:06:48 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/12/27 22:41:26 | 00,000,000 | ---D | C] -- C:\ProgramData\ReviverSoft
[2009/12/27 22:26:36 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PersonalSecUninstall
[2009/12/27 22:26:01 | 00,000,000 | ---D | C] -- C:\Program Files\PersonalSec
[2009/12/23 14:13:34 | 00,545,424 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2009/12/23 14:13:32 | 00,438,928 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2009/12/23 14:04:54 | 00,017,408 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2009/12/20 22:12:42 | 00,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/12/20 22:12:07 | 00,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/12/20 22:12:07 | 00,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/12/20 22:12:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2009/12/20 22:08:52 | 00,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/12/20 22:05:26 | 00,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Google
[2009/12/14 10:24:24 | 00,163,600 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\drivers\SZKGFS.sys
[2009/12/11 03:00:47 | 00,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2009/12/11 03:00:42 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2009/12/10 16:11:40 | 00,126,976 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2009/12/10 16:11:32 | 00,393,216 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2009/12/10 16:09:24 | 00,385,024 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2009/12/10 16:09:08 | 00,061,440 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2009/12/10 16:08:48 | 00,023,040 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2009/12/10 16:06:52 | 00,225,280 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2009/12/10 16:06:30 | 00,094,208 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2009/12/10 16:05:54 | 00,094,208 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2009/12/10 16:02:42 | 00,729,088 | R--- | C] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2009/12/09 21:38:12 | 00,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/12/09 21:38:11 | 00,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/12/09 21:38:10 | 00,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/12/09 21:38:10 | 00,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/12/09 21:38:10 | 00,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/12/09 21:38:10 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/12/09 21:38:09 | 00,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/12/09 21:38:09 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2009/12/09 21:38:08 | 01,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/12/09 21:38:08 | 00,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/12/09 21:37:27 | 00,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2009/12/09 21:37:27 | 00,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2009/12/07 16:59:32 | 00,061,328 | R--- | C] (iS3 Inc.) -- C:\Windows\System32\drivers\SZKG.sys
[2009/12/07 16:59:32 | 00,061,328 | R--- | C] (iS3 Inc.) -- C:\Windows\System32\drivers\is3srv.sys
[2009/12/03 20:13:40 | 00,000,000 | RHSD | C] -- C:\RESTORE
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Desktop\Desktop\*.tmp files -> C:\Users\Owner\Desktop\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/28 13:15:00 | 00,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BCE2FA42-EF79-4E0C-ACA5-030C36CF685B}.job
[2009/12/28 13:13:28 | 03,670,016 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT
[2009/12/28 13:13:04 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\Desktop\OTL.exe
[2009/12/28 13:00:19 | 00,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/28 12:20:56 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/28 12:04:48 | 00,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2009/12/28 11:56:26 | 00,000,464 | ---- | M] () -- C:\Windows\tasks\Registry Reviver.job
[2009/12/28 11:56:26 | 00,000,240 | ---- | M] () -- C:\Windows\tasks\PersonalSec.job
[2009/12/28 11:55:48 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/28 11:55:46 | 36,518,9098 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/12/28 11:55:09 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/28 11:55:08 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/28 11:54:27 | 00,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{1adfc715-f36c-11de-bdfb-0016d3fccf20}.TMContainer00000000000000000001.regtrans-ms
[2009/12/28 11:54:27 | 00,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{1adfc715-f36c-11de-bdfb-0016d3fccf20}.TM.blf
[2009/12/28 11:54:16 | 21,373,82912 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/28 00:05:29 | 00,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{1adfc715-f36c-11de-bdfb-0016d3fccf20}.TMContainer00000000000000000002.regtrans-ms
[2009/12/28 00:05:24 | 01,876,233 | -H-- | M] () -- C:\Users\Owner\AppData\Local\IconCache.db
[2009/12/28 00:01:07 | 00,124,976 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2009/12/28 00:01:07 | 00,007,456 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/12/28 00:01:07 | 00,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/12/27 23:21:14 | 00,002,093 | ---- | M] () -- C:\Users\Public\Desktop\LiveUpdate Administrator.lnk
[2009/12/27 23:13:38 | 30,516,1590 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\SEP_11_0_5002_333_RU5_CD2.zip
[2009/12/27 22:57:21 | 00,196,608 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\SEP_11_0_5002_333_RU5_CD1.zip
[2009/12/23 14:13:34 | 00,545,424 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZComp5.dll
[2009/12/23 14:13:32 | 00,438,928 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZBase5.dll
[2009/12/23 14:04:54 | 00,017,408 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\SZIO5.dll
[2009/12/20 22:32:21 | 00,064,000 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\PW Cost Reduction Plan.xls
[2009/12/20 22:32:08 | 00,054,272 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\14-18 Dec.xls
[2009/12/20 22:22:24 | 00,000,025 | ---- | M] () -- C:\Windows\cdplayer.ini
[2009/12/20 22:13:03 | 00,000,815 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2009/12/20 22:12:42 | 00,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\rmoc3260.dll
[2009/12/20 22:12:07 | 00,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5016.dll
[2009/12/20 22:12:07 | 00,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\System32\pndx5032.dll
[2009/12/20 22:08:52 | 00,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2009/12/20 19:37:46 | 00,524,288 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{80525b03-b613-11de-b4bd-0016d3fccf20}.TMContainer00000000000000000001.regtrans-ms
[2009/12/20 19:37:46 | 00,065,536 | -HS- | M] () -- C:\Users\Owner\NTUSER.DAT{80525b03-b613-11de-b4bd-0016d3fccf20}.TM.blf
[2009/12/20 16:31:10 | 00,761,144 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/20 16:31:10 | 00,645,296 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/20 16:31:10 | 00,120,196 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/19 23:26:58 | 00,351,666 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\1LT Buckmaster - OER Support Form.xfdl
[2009/12/19 18:17:30 | 00,499,024 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\1LT Buckmaster - OER.xfdl
[2009/12/19 13:35:00 | 03,403,776 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\Marketing Plan draft v2.doc
[2009/12/16 17:21:41 | 00,037,888 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\Buckmaster, Scott - PHIL 521-4000 - Book Review.doc
[2009/12/14 22:38:57 | 03,040,604 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\verizon
[2009/12/14 10:24:24 | 00,163,600 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\drivers\SZKGFS.sys
[2009/12/11 00:16:52 | 00,011,001 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\Copy of VPS VOUCHER NUMBERS BUCKMASTER.xlsx
[2009/12/10 19:28:34 | 00,055,296 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\HEATMAcohort4000.doc
[2009/12/10 16:11:40 | 00,126,976 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3HTUI5.dll
[2009/12/10 16:11:32 | 00,393,216 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3DBA5.dll
[2009/12/10 16:09:24 | 00,385,024 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3UI5.dll
[2009/12/10 16:09:08 | 00,061,440 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Hks5.dll
[2009/12/10 16:08:48 | 00,023,040 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3XDat5.dll
[2009/12/10 16:06:52 | 00,225,280 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Win325.dll
[2009/12/10 16:06:30 | 00,094,208 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Inet5.dll
[2009/12/10 16:05:54 | 00,094,208 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Svc5.dll
[2009/12/10 16:02:42 | 00,729,088 | R--- | M] (iS3, Inc.) -- C:\Windows\System32\IS3Base5.dll
[2009/12/10 05:50:34 | 00,032,768 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\Jan Training Meeting Notes.doc
[2009/12/10 03:08:39 | 00,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2009/12/07 16:59:32 | 00,061,328 | R--- | M] (iS3 Inc.) -- C:\Windows\System32\drivers\SZKG.sys
[2009/12/07 16:59:32 | 00,061,328 | R--- | M] (iS3 Inc.) -- C:\Windows\System32\drivers\is3srv.sys
[2009/12/06 17:27:00 | 00,033,280 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\Cost for Business.xls
[2009/12/04 22:41:47 | 01,163,264 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\Escalation of Force.ppt
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/12/03 11:33:52 | 00,110,288 | ---- | M] () -- C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/12/03 03:30:18 | 00,391,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/12/03 03:03:44 | 00,000,219 | ---- | M] () -- C:\Windows\win.ini
[2009/11/28 16:21:53 | 00,035,100 | ---- | M] () -- C:\Users\Owner\Desktop\Desktop\Boatright.docx
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Owner\Desktop\Desktop\*.tmp files -> C:\Users\Owner\Desktop\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/28 13:00:19 | 00,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/28 12:04:48 | 00,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/12/28 11:54:32 | 36,518,9098 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/12/28 00:00:49 | 00,007,456 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2009/12/28 00:00:49 | 00,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2009/12/27 23:48:21 | 00,524,288 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{1adfc715-f36c-11de-bdfb-0016d3fccf20}.TMContainer00000000000000000002.regtrans-ms
[2009/12/27 23:48:20 | 00,524,288 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{1adfc715-f36c-11de-bdfb-0016d3fccf20}.TMContainer00000000000000000001.regtrans-ms
[2009/12/27 23:48:20 | 00,065,536 | -HS- | C] () -- C:\Users\Owner\NTUSER.DAT{1adfc715-f36c-11de-bdfb-0016d3fccf20}.TM.blf
[2009/12/27 23:21:14 | 00,002,093 | ---- | C] () -- C:\Users\Public\Desktop\LiveUpdate Administrator.lnk
[2009/12/27 23:10:23 | 30,516,1590 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\SEP_11_0_5002_333_RU5_CD2.zip
[2009/12/27 22:57:20 | 00,196,608 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\SEP_11_0_5002_333_RU5_CD1.zip
[2009/12/27 22:43:54 | 00,000,464 | ---- | C] () -- C:\Windows\tasks\Registry Reviver.job
[2009/12/27 22:26:37 | 00,000,240 | ---- | C] () -- C:\Windows\tasks\PersonalSec.job
[2009/12/20 22:22:24 | 00,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/12/20 22:13:03 | 00,000,815 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer SP.lnk
[2009/12/20 22:04:31 | 00,064,000 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\PW Cost Reduction Plan.xls
[2009/12/20 22:04:17 | 00,054,272 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\14-18 Dec.xls
[2009/12/19 18:07:40 | 00,499,024 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\1LT Buckmaster - OER.xfdl
[2009/12/19 13:35:18 | 03,403,776 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\Marketing Plan draft v2.doc
[2009/12/17 21:18:57 | 00,351,666 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\1LT Buckmaster - OER Support Form.xfdl
[2009/12/14 22:38:43 | 03,040,604 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\verizon
[2009/12/11 00:16:51 | 00,011,001 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\Copy of VPS VOUCHER NUMBERS BUCKMASTER.xlsx
[2009/12/10 19:33:37 | 00,037,888 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\Buckmaster, Scott - PHIL 521-4000 - Book Review.doc
[2009/12/10 05:41:49 | 00,032,768 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\Jan Training Meeting Notes.doc
[2009/12/10 03:08:39 | 00,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2009/12/03 18:45:46 | 01,163,264 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\Escalation of Force.ppt
[2009/12/02 17:01:13 | 00,055,296 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\HEATMAcohort4000.doc
[2009/11/28 16:21:49 | 00,035,100 | ---- | C] () -- C:\Users\Owner\Desktop\Desktop\Boatright.docx
[2008/11/06 23:31:55 | 00,000,029 | ---- | C] () -- C:\ProgramData\counter.cfg
[2008/02/14 22:59:04 | 00,000,108 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\wklnhst.dat
[2008/01/22 11:55:51 | 00,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008/01/02 16:57:36 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/01/02 16:47:22 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/12/30 10:24:41 | 00,023,552 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/21 10:33:56 | 00,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\QSwitch.txt
[2007/12/21 10:33:56 | 00,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\DSwitch.txt
[2007/12/21 10:33:56 | 00,000,000 | ---- | C] () -- C:\Users\Owner\AppData\Local\AtStart.txt
[2007/08/16 06:12:15 | 00,000,679 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/03/30 07:27:34 | 00,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1244.dll
[2007/03/30 06:55:46 | 00,910,304 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/02/27 15:43:02 | 00,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/12/14 01:01:36 | 00,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/12/14 01:01:36 | 00,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/11/02 07:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 02:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/05/07 07:06:00 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
< End of report >

sldr1017
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2009-12-28
OS OS : windows vista
Points Points : 25373
# Likes # Likes : 0

View user profile

Back to top Go down

Extras

Post by sldr1017 on Mon Dec 28, 2009 6:23 pm

OTL Extras logfile created on: 12/28/2009 1:13:22 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Users\Owner\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 60.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.69 Gb Total Space | 133.03 Gb Free Space | 59.21% Space Free | Partition Type: NTFS
Drive D: | 8.20 Gb Total Space | 1.87 Gb Free Space | 22.79% Space Free | Partition Type: NTFS
Drive E: | 35.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-PC
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SystemRoot%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
"AntiVirusDisableNotify" = 
"AntiVirusOverride" = 0
"FirewallDisableNotify" = 
"FirewallOverride" = 0
"FirstRunDisabled" = 
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{B4F3221E-48BF-4D40-87D7-8C1C0050C617}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09EBED4B-BAA6-4324-A440-28CD730CEB35}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{0E319267-7295-4FD9-88C9-6B7084930FB8}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1AC2D228-FF1F-4EDD-9505-D7208AF6A4BE}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2F4B00D6-BFAC-4887-A908-9EC1C4630FCD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{33662EF4-3C46-4E11-82AF-E05B94A29E3D}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{4332848F-FAC1-467A-88EA-A713E0ACB2DB}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{54180AAF-C0D5-4C0C-B764-9638EACCBC5C}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{5FD2433D-9E2B-4481-BAEA-301A7FBFAFB6}" = protocol=6 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{729F40E6-8864-4323-9DF5-91E41899CB93}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8E13BCC8-20C9-4B7B-B99A-C4AEB0287978}" = protocol=17 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{9268DC13-6DBF-4784-A101-5C65ED7D1E36}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9431AEE6-31D7-4640-9506-B63328552C10}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{9651F931-7EE2-41DF-A01D-CB6F5C69894D}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{96A2A19B-0253-4699-A703-D2CB453BBA38}" = protocol=6 | dir=in | app=c:\program files\mcafee\common framework\frameworkservice.exe |
"{9D0699BD-67EA-4766-AC2B-8CC79B2D1BF3}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"{A8BFC2B9-5F68-409F-8C1D-F524F39D8DB2}" = protocol=17 | dir=in | app=c:\program files\symantec\symantec endpoint protection\smc.exe |
"{B33ABBF1-9FC4-4E29-B79D-092BCAE840E4}" = protocol=17 | dir=in | app=c:\program files\common files\symantec shared\ccapp.exe |
"{B72E332B-CBF5-498E-8431-BD1928C57D7E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{BE302DEF-0BA9-4FF8-BA93-4179E500B3AF}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{BEB7C115-3605-4AE7-ABCB-7A189ACCF89C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{DD4C7500-064D-48F3-97C0-9F118D30E2E0}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E21C88F9-6615-44A8-93E8-7C27E8B58D24}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{E92BC7F6-9515-42D1-8745-75531B829E48}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe |
"{F5A89237-78BF-45D5-A273-FD7F3205321C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F6439613-8AED-40D9-9F5D-323C61472B17}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{F82E253C-AF54-471A-B1FD-5C6B6603B463}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FDF4896F-503D-4ED3-A697-1CA55A1BE557}" = protocol=6 | dir=in | app=c:\program files\symantec\symantec endpoint protection\snac.exe |
"TCP Query User{263EF42E-E301-438A-A7AB-C4F7C5FCB477}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{4E683671-491F-4DC9-9096-5BB6D50E048B}C:\program files\microsoft office\office12\groove.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{5F350FD7-08D5-4B6F-B5D1-A412BA99C585}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7E06303B-8EFB-4FA1-851F-2585D175611A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C04CA431-3038-4E59-A920-15F8B4974101}C:\program files\microsoft office\office12\groove.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"UDP Query User{F1CF3104-A1E5-4719-A091-8C01AE2ABAFA}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0BFC200F-C45D-4271-AF34-4CA969225DEB}" = muvee autoProducer 6.0
"{0CFD3BAF-9F4D-4D70-BD0B-638EA2504C25}" = PSSWCORE
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar
"{11F93B4B-48F0-4A4E-AE77-DFA96A99664B}" = Roxio Creator EasyArchive
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise
"{1517A7CB-5F00-4A88-8F06-E89B6DB63784}" = ESU for Microsoft Vista
"{1A0F7DFF-6F13-458C-8EC3-5386E8C251C6}" = BlackBerry Device Software Updater
"{1D0D9BF9-E44B-4666-A41E-924D1E1F205F}" = STOPzilla
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{290B83AA-093A-45BF-A917-D1C4A1E8D917}" = HP Active Support Library
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (PTPROFESSIONAL41)
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2EFCC193-D915-4CCB-9201-31773A27BC06}" = Symantec Endpoint Protection
"{303379C9-8610-4CCF-AF37-C4BF8998C591}" = Roxio Media Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.20 B1
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Roxio Activation Module
"{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{40385AA8-F33A-4E8E-BCAB-DF94A6AF7D51}" = HP User Guides 0060
"{40F7AED3-0C7D-4582-99F6-484A515C73F2}" = HP Easy Setup - Frontend
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.2
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05EEDD-E565-4E2B-ADE4-0C784C17311C}" = Crystal Reports for .NET Framework 2.0 (x86)
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86A46236-C44B-4217-81E9-6B691C82E1DD}" = Quarantine Console
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8CEA85DE-955B-4BF4-87F2-0BAA62821633}" = HP Photosmart Essential2.5
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9061CEF2-51F5-42C9-8A70-9ED351C6597A}" = HP Help and Support
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Touch Pad Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A638557B-1F13-40A0-9627-C892FBCA6960}" = McAfee Agent
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5E289E-76BF-4251-9F3F-9B763F681AE0}" = HP Customer Experience Enhancements
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{B08A9D92-0F07-4DA3-B128-BA9860621E7B}" = Symantec LiveUpdate Administrator 2.2.1
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE8A9C2C-8E41-445B-A746-BEB0B1F992F8}" = DJ_AIO_03_F4200_Software_Min
"{C3B6AEB1-390C-4792-8677-CD87F8B2C959}" = HP Deskjet F4200 All-In-One Driver 11.0 03
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator Basic v9
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E5D52570-5EF1-4576-A434-6CCD92268F0F}" = Google SketchUp 7
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{FAB0C302-CB18-4A7A-BA03-C3DC23101A68}" = HP Active Support Library 32 bit components
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS Video Editor 4_is1" = AVS Video Editor 4 4.2.1.166
"AVS Video Recorder_is1" = AVS Video Recorder 2.4 (Service Version)
"AVS YouTube Uploader 2.1_is1" = AVS YouTube Uploader version 2.1
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_5045&SUBSYS_103C30B7" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Critical Seeker 4.1" = Critical Seeker 4.1
"ENTERPRISER" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Photosmart Essential" = HP Photosmart Essential 2.0
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"NCLEX-RN Strategy Practice Exam_is1" = NCLEX-RN Strategy Practice Exam
"RealPlayer 12.0" = RealPlayer
"VLC media player" = VLC media player 1.0.2
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"PersonalSec" = Personal Security
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/28/2009 1:37:50 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\STOPzilla!\SZIEBHO.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/28/2009 1:38:15 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\STOPzilla!\SZIEBHO.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/28/2009 1:40:48 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\STOPzilla!\SZIEBHO.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/28/2009 1:41:17 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\STOPzilla!\SZIEBHO.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/28/2009 1:48:36 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\STOPzilla!\SZIEBHO.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/28/2009 1:51:23 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\STOPzilla!\SZIEBHO.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/28/2009 1:52:28 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\STOPzilla!\SZIEBHO.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/28/2009 1:59:51 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\STOPzilla!\SZIEBHO.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/28/2009 2:03:23 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\STOPzilla!\SZIEBHO.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

Error - 12/28/2009 2:12:18 PM | Computer Name = Owner-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Program Files\STOPzilla!\SZIEBHO.dll".
Dependent
Assembly Microsoft.VC80.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053"
could not be found. Please use sxstrace.exe for detailed diagnosis.

[ Media Center Events ]
Error - 1/1/2008 10:39:52 PM | Computer Name = Owner-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.SqmFlushSession failed; Win32 GetLastError
returned 0D Process: DefaultDomain Object Name: Media Center Guide

Error - 5/26/2008 10:02:59 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 1:42:14 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/6/2008 12:58:00 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 7/12/2008 3:01:13 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = Failed to wait on MCUpdate mutex with exception: 'The wait completed
due to an abandoned mutex.'.

Error - 8/7/2008 9:41:01 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/28/2008 9:03:38 AM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 8/29/2008 11:42:40 PM | Computer Name = Owner-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 4/6/2009 5:18:12 PM | Computer Name = Owner-PC | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

[ OSession Events ]
Error - 5/12/2008 12:22:01 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 241
seconds with 180 seconds of active time. This session ended with a crash.

Error - 7/29/2009 4:34:03 PM | Computer Name = Owner-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 57
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/28/2009 1:17:06 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/28/2009 1:17:06 AM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =

Error - 12/28/2009 11:13:38 AM | Computer Name = Owner-PC | Source = iaStor | ID = 262153
Description = The device, \Device\Ide\iaStor0, did not respond within the timeout
period.

Error - 12/28/2009 12:54:46 PM | Computer Name = Owner-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:51:19 AM on 12/28/2009 was unexpected.

Error - 12/28/2009 12:55:49 PM | Computer Name = Owner-PC | Source = HTTP | ID = 15016
Description =

Error - 12/28/2009 12:59:40 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 12/28/2009 12:59:40 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/28/2009 12:59:40 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/28/2009 1:01:34 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 12/28/2009 1:01:34 PM | Computer Name = Owner-PC | Source = Service Control Manager | ID = 7001
Description =


< End of report >

sldr1017
Beginner
Beginner

Posts Posts : 3
Joined Joined : 2009-12-28
OS OS : windows vista
Points Points : 25373
# Likes # Likes : 0

View user profile

Back to top Go down

Re: personal security guard removal

Post by Belahzur on Mon Dec 28, 2009 6:29 pm

Hello.

I see that you are running uTorrent.
P2P(Peer to peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs if present.

    uTorrent
    Java(TM) SE Runtime Environment 6
    Java(TM) 6 Update 3
    PersonalSec

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :OTL
    PRC - [2009/12/27 22:26:17 | 01,351,680 | ---- | M] () -- C:\Program Files\PersonalSec\psecurity.exe
    O2 - BHO: (no name) - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O32 - AutoRun File - [2007/08/16 06:22:04 | 00,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2005/09/11 10:18:54 | 00,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O32 - AutoRun File - [2005/08/26 08:21:36 | 00,000,056 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{47675dd5-b6e8-11dc-83c4-0016d3fccf20}\Shell - "" = AutoRun
    O33 - MountPoints2\{4767675b-b6e8-11dc-83c4-0016d3fccf20}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\taskmngr.exe -- File not found
    O33 - MountPoints2\{4767675b-b6e8-11dc-83c4-0016d3fccf20}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\taskmngr.exe -- File not found
    O33 - MountPoints2\{703b6ff9-a3f6-11dd-80ac-0016d3fccf20}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\taskmngr.exe -- File not found
    O33 - MountPoints2\{703b6ff9-a3f6-11dd-80ac-0016d3fccf20}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\taskmngr.exe -- File not found
    O33 - MountPoints2\{75df11c5-b05d-11dc-ba0a-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{87411a09-cf13-11de-8246-0016d3fccf20}\Shell\AutoRun\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ROX.exe -- File not found
    O33 - MountPoints2\{87411a09-cf13-11de-8246-0016d3fccf20}\Shell\open\command - "" = F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ROX.exe -- File not found
    O33 - MountPoints2\H\Shell - "" = AutoRun

    :files
    C:\Program Files\Common Files\PersonalSecUninstall
    C:\Program Files\PersonalSec


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum