When I click on a site that is returned via a Google search I am sent to a sight offering a service that has nothing to do with the original search. Thanks in advance for any help you can provide.
The requested files are below:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:10:31 PM, on 1/30/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18904)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\Logitech Vid\Vid.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Windows\System32\rundll32.exe
C:\Users\Ty Coup\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\FamilySearch\Paf5\paf5.exe
C:\Users\Ty Coup\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ty Coup\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ty Coup\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ty Coup\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ty Coup\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ty Coup\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.com/Genoogle/Comp ... eQuery.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClientControl Class) - https://secure.sclhs.net/dana-cached/sc ... Client.cab
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11701 bytes
Uninstall List
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.6
Adobe Shockwave Player 11.5
Age of Empires III: Complete Collection
Age of Empires III: Complete Collection
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Aventail OnDemand Proxy Agent
Aventail Web Proxy Agent
Aventail Webifiers
AVG 2011
Bonjour
Broadcom Management Programs
Browser Address Error Redirector
BUFFALO TurboUSB for FLASH/HDD
Canon RAW Codec
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
D3DX10
Dell DataSafe Online
Dell Support Center (Support Software)
Dell System Customization Wizard
Dell Touchpad
DellSupport
Digital Line Detect
EOS 20D WIA Driver
Games, Music, & Photos Launcher
GmoteServer
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel(R) PROSet/Wireless Software
iTunes
J2SE Runtime Environment 5.0 Update 15
J2SE Runtime Environment 5.0 Update 17
Java(TM) 6 Update 15
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6
Junk Mail filter update
K-Lite Mega Codec Pack 5.3.0
Legacy 7.0
Legacy Charting 7.0
Logitech Vid
Logitech Webcam Software
Logitech Webcam Software Driver Package
Malwarebytes' Anti-Malware
Maxtor Manager
Maxtor Manager
mCore
MediaDirect
Mesh Runtime
Messenger Companion
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
mMHouse
Modem Diagnostic Tool
Mozilla Firefox (3.0.18)
mPfMgr
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
mWMI
NetWaiting
NVIDIA Drivers
OGA Notifier 2.0.0048.0
OpenOffice.org 3.2
OutlookAddinSetup
Personal Ancestral File 5
Personal Ancestral File Companion 5.2
Picasa 3
Product Documentation Launcher
QuickSet
QuickTime
Realtime Landscaping Plus 5 Trial
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
Segoe UI
Sonic Activation Module
Spyware Terminator
Steam
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
User's Guides
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Warhammer 40,000: Dawn of War II
WebEx Support Manager for Internet Explorer
WIDCOMM Bluetooth Software 6.0.1.3100
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mail
Windows Live Mesh
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer
Windows Live Writer
Windows Live Writer Resources
winged version 1
OTL logfile created on: 1/30/2011 5:54:39 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Ty Coup\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 35.40 Gb Free Space | 25.94% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.53 Gb Free Space | 65.31% Space Free | Partition Type: NTFS
Drive G: | 298.09 Gb Total Space | 137.91 Gb Free Space | 46.26% Space Free | Partition Type: NTFS
Computer Name: TYCOUP-PC | User Name: Ty Coup | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Ty Coup\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Users\Ty Coup\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Users\Ty Coup\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\OpenOffice.org 3\program\swriter.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe ()
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
PRC - C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - c:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Ty Coup\Downloads\OTL (1).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (atashost) -- C:\Windows\System32\atashost.exe (WebEx Communications, Inc.)
SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Maxtor Sync Service) -- C:\Program Files\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (DSBrokerService) -- C:\Program Files\DellSupport\brkrsvc.exe ()
========== Driver Services (SafeList) ==========
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (LVUVC) Logitech Webcam 600(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (bfturboh) -- C:\Windows\System32\drivers\bfturboh.sys (BUFFALO INC.)
DRV - (61883) -- C:\Windows\System32\drivers\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\Windows\System32\drivers\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\Windows\System32\drivers\msdv.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (MXOPSWD) -- C:\Windows\System32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (dsunidrv) -- C:\Windows\System32\drivers\dsunidrv.sys (Gteko Ltd.)
DRV - (iaStor) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (bcm4sbxp) -- C:\Windows\System32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (DSproct) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerIf) -- C:\Windows\System32\drivers\BrSerIf.sys (Brother Industries Ltd.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-16893666-2047212815-2700233743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-16893666-2047212815-2700233743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-16893666-2047212815-2700233743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/dell?hl=en&cli ... bd=1071114
IE - HKU\S-1-5-21-16893666-2047212815-2700233743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-16893666-2047212815-2700233743-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-16893666-2047212815-2700233743-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-16893666-2047212815-2700233743-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-16893666-2047212815-2700233743-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: support@ancestry.com:1.0.0.1
FF - prefs.js..extensions.enabledItems: autopager@mozilla.org:0.6.1.6
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}:5.0.15
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}:5.0.17
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/16 06:45:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.18\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/16 06:45:00 | 000,000,000 | ---D | M]
[2009/04/25 14:10:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ty Coup\AppData\Roaming\Mozilla\Extensions
[2010/09/25 17:01:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ty Coup\AppData\Roaming\Mozilla\Firefox\Profiles\zeyjh3k9.default\extensions
[2010/06/04 05:30:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ty Coup\AppData\Roaming\Mozilla\Firefox\Profiles\zeyjh3k9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/04 05:30:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Ty Coup\AppData\Roaming\Mozilla\Firefox\Profiles\zeyjh3k9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/03/11 07:22:29 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Ty Coup\AppData\Roaming\Mozilla\Firefox\Profiles\zeyjh3k9.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010/06/04 05:30:55 | 000,000,000 | ---D | M] ("AutoPager") -- C:\Users\Ty Coup\AppData\Roaming\Mozilla\Firefox\Profiles\zeyjh3k9.default\extensions\autopager@mozilla.org
[2009/05/17 22:42:29 | 000,000,000 | ---D | M] (Ancestry.com Advanced Image Viewer) -- C:\Users\Ty Coup\AppData\Roaming\Mozilla\Firefox\Profiles\zeyjh3k9.default\extensions\support@ancestry.com
[2009/08/06 16:35:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/08/22 13:59:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}
[2009/02/24 19:39:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-16893666-2047212815-2700233743-1000\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SpywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-16893666-2047212815-2700233743-1000..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-16893666-2047212815-2700233743-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-16893666-2047212815-2700233743-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-16893666-2047212815-2700233743-1000..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-16893666-2047212815-2700233743-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-16893666-2047212815-2700233743-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-16893666-2047212815-2700233743-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Snapfish Activia)
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/Comp ... eQuery.dll (CSEQueryObject Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_15)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure.sclhs.net/dana-cached/sc ... Client.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 24.124.0.193 24.124.0.194
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (AVGRSSTX.DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\GOOGLE\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-16893666-2047212815-2700233743-1000 Winlogon: Shell - (C:\Users\Ty Coup\AppData\Roaming\Adobe\plugs\KB-2123981239.exe) - File not found
O24 - Desktop WallPaper: C:\Users\Ty Coup\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ty Coup\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/05/31 13:15:50 | 000,000,118 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{13bfc489-8cb3-11dd-a80e-001c26e034fa}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\{1de25c66-89d9-11de-88a5-001c26e034fa}\Shell\AutoRun\command - "" = wdsync.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/01/30 16:06:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/30 16:06:53 | 000,000,000 | ---D | C] -- C:\Users\Ty Coup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/01/30 16:02:33 | 000,000,000 | ---D | C] -- C:\Users\Ty Coup\Documents\Simply Super Software
[2011/01/30 16:02:31 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2011/01/30 16:02:30 | 000,000,000 | ---D | C] -- C:\Users\Ty Coup\AppData\Roaming\Simply Super Software
[2011/01/30 16:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2011/01/29 11:48:51 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011/01/29 11:48:44 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/01/29 11:43:58 | 000,000,000 | ---D | C] -- C:\Users\Ty Coup\AppData\Local\Sunbelt Software
[2011/01/29 11:43:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\{2162CCC0-3A5F-4887-B51F-CE5F195B3620}
[2011/01/29 11:42:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/01/29 11:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/01/29 11:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/01/29 10:57:12 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011/01/29 09:36:21 | 000,000,000 | ---D | C] -- C:\Users\Ty Coup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2011/01/29 09:36:13 | 000,000,000 | ---D | C] -- C:\Users\Ty Coup\AppData\Roaming\Juniper Networks
[2011/01/16 06:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/01/16 06:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/16 06:49:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/16 06:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/01/16 06:44:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
========== Files - Modified Within 30 Days ==========
[2011/01/30 17:46:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/30 17:38:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/30 17:38:10 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/30 17:34:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-16893666-2047212815-2700233743-1000UA.job
[2011/01/30 16:06:53 | 000,001,952 | ---- | M] () -- C:\Users\Ty Coup\Desktop\HiJackThis.lnk
[2011/01/30 15:53:54 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{F0945F17-000C-4799-A7C8-B012F5FE9D29}.job
[2011/01/30 15:38:19 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011/01/30 15:38:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/30 10:41:57 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-16893666-2047212815-2700233743-1000Core.job
[2011/01/30 10:40:28 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/29 16:34:44 | 000,000,984 | -H-- | M] () -- C:\aaw7boot.cmd
[2011/01/29 11:58:27 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/01/29 11:58:27 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/01/29 11:54:03 | 000,027,525 | ---- | M] () -- C:\Users\Ty Coup\AppData\Roaming\nvModes.001
[2011/01/29 11:51:55 | 2143,494,144 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/29 11:51:04 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/01/29 11:48:42 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011/01/29 11:48:36 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011/01/29 11:43:12 | 000,001,033 | ---- | M] () -- C:\Users\Ty Coup\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/01/29 11:43:12 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/01/29 10:50:31 | 004,739,072 | ---- | M] () -- C:\Users\Ty Coup\Desktop\PRIMARY WILSON FAMILY TREE.FDB
[2011/01/29 10:50:31 | 000,000,043 | ---- | M] () -- C:\Users\Ty Coup\Desktop\PRIMARY WILSON FAMILY TREE.TC
[2011/01/16 06:50:31 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/16 06:46:09 | 000,000,629 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2011/01/16 06:44:53 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/15 07:19:57 | 000,002,054 | ---- | M] () -- C:\Users\Ty Coup\Desktop\Google Chrome.lnk
[2011/01/15 07:19:57 | 000,002,016 | ---- | M] () -- C:\Users\Ty Coup\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/01/12 23:17:07 | 000,135,238 | ---- | M] () -- C:\Users\Ty Coup\Documents\Patrick Manon Descendants.pdf
[2011/01/12 23:05:18 | 000,048,304 | ---- | M] () -- C:\Users\Ty Coup\Documents\Bruce Reed.rtf
[2011/01/09 21:40:44 | 000,027,525 | ---- | M] () -- C:\Users\Ty Coup\AppData\Roaming\nvModes.dat
========== Files Created - No Company Name ==========
[2011/01/30 16:06:53 | 000,001,952 | ---- | C] () -- C:\Users\Ty Coup\Desktop\HiJackThis.lnk
[2011/01/30 16:02:32 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2011/01/30 16:02:31 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2011/01/30 16:02:31 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar3.dll
[2011/01/30 16:02:31 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2011/01/29 16:34:45 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011/01/29 16:34:42 | 000,000,984 | -H-- | C] () -- C:\aaw7boot.cmd
[2011/01/29 11:43:12 | 000,001,033 | ---- | C] () -- C:\Users\Ty Coup\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2011/01/29 11:43:12 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/01/16 06:50:31 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/01/16 06:44:53 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/01/12 23:17:07 | 000,135,238 | ---- | C] () -- C:\Users\Ty Coup\Documents\Patrick Manon Descendants.pdf
[2011/01/12 22:55:45 | 000,048,304 | ---- | C] () -- C:\Users\Ty Coup\Documents\Bruce Reed.rtf
[2011/01/10 17:03:19 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010/08/21 09:32:07 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/02/15 19:49:40 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2009/10/31 22:17:30 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/10/31 22:17:29 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009/10/31 22:17:28 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2009/10/31 22:17:28 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009/10/31 22:17:28 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009/10/31 22:17:26 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/10/07 00:46:36 | 000,025,752 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009/10/07 00:23:08 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009/09/17 22:02:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/17 22:02:23 | 000,003,584 | ---- | C] () -- C:\Windows\System32\zx.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/05/01 20:38:53 | 000,138,576 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/05/01 20:38:52 | 000,022,328 | ---- | C] () -- C:\Users\Ty Coup\AppData\Roaming\PnkBstrK.sys
[2009/05/01 20:38:27 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/03/01 23:14:23 | 000,006,353 | ---- | C] () -- C:\Windows\UN070618.INI
[2008/11/16 22:51:56 | 000,021,504 | ---- | C] () -- C:\Windows\System32\WBCustomizer.dll
[2008/06/15 06:07:54 | 000,141,312 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2008/03/30 21:59:30 | 000,001,356 | ---- | C] () -- C:\Users\Ty Coup\AppData\Local\d3d9caps.dat
[2008/03/20 09:39:38 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/03/20 09:39:38 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/01/19 20:09:29 | 000,001,982 | ---- | C] () -- C:\Users\Ty Coup\AppData\Roaming\wklnhst.dat
[2007/12/02 11:44:56 | 000,027,525 | ---- | C] () -- C:\Users\Ty Coup\AppData\Roaming\nvModes.dat
[2007/12/02 11:44:56 | 000,027,525 | ---- | C] () -- C:\Users\Ty Coup\AppData\Roaming\nvModes.001
[2007/12/02 10:47:41 | 000,050,688 | ---- | C] () -- C:\Users\Ty Coup\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/14 15:32:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/11/14 15:32:42 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/07/25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006/11/07 13:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
OTL Extras logfile created on: 1/30/2011 5:54:39 PM - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\Ty Coup\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 31.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 54.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136.47 Gb Total Space | 35.40 Gb Free Space | 25.94% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.53 Gb Free Space | 65.31% Space Free | Partition Type: NTFS
Drive G: | 298.09 Gb Total Space | 137.91 Gb Free Space | 46.26% Space Free | Partition Type: NTFS
Computer Name: TYCOUP-PC | User Name: Ty Coup | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-16893666-2047212815-2700233743-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Ty Coup\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{8A0B40E4-0EFE-47B6-AB30-0C3945C41865}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9BB3BB0A-0236-47C0-8CC1-573F183493D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D51D70E2-3092-4D07-8348-E3677C08056C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DD5DC4C3-64D7-41E8-B913-A38147FC02AC}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E9980C-1585-41F0-A394-14CE8FE1BFED}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{1F87F6D7-9E14-4EC1-8A2F-6019CB365CAD}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dms\clmsservice.exe |
"{2715F11A-243C-494D-92D9-45CDFEA66FCD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{38E471FA-EEFD-4ABD-AA78-1C7A84DF5817}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatcher.exe |
"{3A9F6C3B-B19B-49CB-B979-17A68B8C2B2B}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatchery.exe |
"{3E346F7F-89DA-4C0F-AF79-5C1F4C9FDAB5}" = dir=in | app=c:\program files\dell\mediadirect\kernel\dmp\clbrowserengine.exe |
"{446690BE-504F-4F79-AA27-AA73A5DCB086}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{50A99568-4A16-4102-8365-13B8D9845598}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"{50F0987C-321F-4EC8-B8A0-AAF831FA76CD}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatcher.exe |
"{5361AF06-EEF3-463E-934F-B16C5131BC0F}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatchery.exe |
"{579E6D07-BD2E-4EDC-A495-38639F4964EF}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{5D03F421-3977-42E2-B547-57DA7230CDC3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe |
"{5F3A06A8-5EBF-439A-8945-9664A074519D}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{7479C997-3487-4C89-B7F3-19E1EFA6ED14}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatcherx.exe |
"{785BDC89-DC1D-458E-8715-F32499A0306D}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3y.exe |
"{83C6F6B9-0304-4C90-BDD6-E500A529C484}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{903E83EB-29F7-4ECF-84C7-6E6B522B2236}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe |
"{90E991F5-3842-44CB-9618-342C69716F94}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatcherx.exe |
"{92755FBB-C49E-4D68-8C96-F9EFE49E7721}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{A3AA0A61-B7E9-456B-BC8F-B8BCA11BB66C}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatcher2.exe |
"{A48A60B4-5754-40F0-8683-AD25BC4768A8}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\autopatcher2.exe |
"{A63070ED-152C-41B2-BEFC-505A689403A5}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A63E8A0E-F2D7-46E9-B543-44818D08FA75}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{ADD2EDB1-CD33-4B18-A5E5-0ABFEA105AAB}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C1695831-58D0-4F85-8401-2652A1DCB3CC}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D6BBDC01-761F-4C48-BB59-880AF2969168}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3x.exe |
"{EAF8BADE-357C-42C6-BB0E-59DDB8D12544}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe |
"{EB43601D-B14B-4A4C-80F5-6A4A096DACA0}" = dir=in | app=c:\program files\dell\mediadirect\pcmservice.exe |
"{F13F4040-EAE9-4B22-84BC-3A07DFFB8434}" = dir=in | app=c:\program files\dell\mediadirect\powercinema.exe |
"{FC311CCF-305C-4517-B3E3-A0E44B4DC88A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FCC6A2AA-77C9-4940-A486-34C7301123D8}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FF86B65A-C312-41F2-A513-6E144850D474}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"TCP Query User{3E796192-7D7E-4779-8503-5F61804ECF5D}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat" = protocol=6 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat |
"TCP Query User{62F3596B-C6B4-42AA-9CE2-9EB0ACD43463}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{74276AEC-F65E-4039-B135-8ECAC1F66DF3}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EC042264-DB47-4CBE-92DE-3E4F707E98F5}C:\program files\2k sports\mlb 2k10\mlb2k10.exe" = protocol=6 | dir=in | app=c:\program files\2k sports\mlb 2k10\mlb2k10.exe |
"UDP Query User{876BFDC1-85DC-4026-906B-7DFB84139486}C:\program files\2k sports\mlb 2k10\mlb2k10.exe" = protocol=17 | dir=in | app=c:\program files\2k sports\mlb 2k10\mlb2k10.exe |
"UDP Query User{9EDCED86-0B33-412D-8165-C5DBAD8D5DA4}C:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat" = protocol=17 | dir=in | app=c:\program files\ea games\command & conquer the first decade\command & conquer(tm) generals\game.dat |
"UDP Query User{B10B70B6-62A9-4778-BF7C-A88DC1700284}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{F1C9CA32-9663-48D6-9F22-639CD39615B7}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F95AA42-0FF6-4D48-9CA1-64C8D0777500}" = QuickSet
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1CC340A6-E2E8-4986-B4F6-300055258684}" = Aventail OnDemand Proxy Agent
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0150150}" = J2SE Runtime Environment 5.0 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0150170}" = J2SE Runtime Environment 5.0 Update 17
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{5211BF94-F97C-47E7-BC7C-BE804A79F8A2}" = MLB 2K10
"{54D44AD1-A083-48B9-BD6F-AFD517B7C775}" = Aventail Webifiers
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{5D86A8E7-3368-43B9-BF7A-28D838503BBC}" = Realtime Landscaping Plus 5 Trial
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91AFACB3-CA46-4C1E-AF2D-F72EE0B112E4}" = Personal Ancestral File Companion 5.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B0B46B3-10DF-4ADA-9501-0129D784563D}" = Aventail Web Proxy Agent
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.6
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BEFBEDDF-1417-4C8A-92FB-F003C0D41199}" = OpenOffice.org 3.2
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{F5D7FAB5-A1FD-4DD3-983E-4155B09D7102}" = mCore
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Canon RAW Codec" = Canon RAW Codec
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer
"EOS 20D WIA Driver" = EOS 20D WIA Driver
"GFWL_{4541091F-1F3D-4BA3-A5A3-F71000000100}" = Age of Empires III: Complete Collection
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{ED01D958-AEDC-40C8-93FD-0C08E8AA9530}" = Maxtor Manager
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.3.0
"Legacy 7.0" = Legacy 7.0
"LegacyChart7_is1" = Legacy Charting 7.0
"lvdrivers_12.10" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.0.18)" = Mozilla Firefox (3.0.18)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"ProInst" = Intel(R) PROSet/Wireless Software
"Spyware Terminator_is1" = Spyware Terminator
"Steam App 15620" = Warhammer 40,000: Dawn of War II
"SynTPDeinstKey" = Dell Touchpad
"UN070618" = BUFFALO TurboUSB for FLASH/HDD
"WinGed_is1" = winged version 1
"WinLiveSuite" = Windows Live Essentials
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-16893666-2047212815-2700233743-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.8.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 1/27/2011 8:08:46 PM | Computer Name = TyCoup-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64835669
Error - 1/27/2011 8:08:46 PM | Computer Name = TyCoup-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64835669
Error - 1/27/2011 8:08:47 PM | Computer Name = TyCoup-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/27/2011 8:08:47 PM | Computer Name = TyCoup-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64836683
Error - 1/27/2011 8:08:47 PM | Computer Name = TyCoup-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64836683
Error - 1/27/2011 8:08:48 PM | Computer Name = TyCoup-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/27/2011 8:08:48 PM | Computer Name = TyCoup-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64837681
Error - 1/27/2011 8:08:48 PM | Computer Name = TyCoup-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 64837681
Error - 1/27/2011 8:08:49 PM | Computer Name = TyCoup-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 1/27/2011 8:08:49 PM | Computer Name = TyCoup-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 64838680
[ System Events ]
Error - 1/30/2011 5:38:13 PM | Computer Name = TyCoup-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 1/30/2011 5:38:13 PM | Computer Name = TyCoup-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 1/30/2011 5:38:13 PM | Computer Name = TyCoup-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 1/30/2011 5:38:14 PM | Computer Name = TyCoup-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 1/30/2011 5:38:14 PM | Computer Name = TyCoup-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 1/30/2011 5:38:14 PM | Computer Name = TyCoup-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 1/30/2011 5:38:14 PM | Computer Name = TyCoup-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 1/30/2011 5:38:14 PM | Computer Name = TyCoup-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 1/30/2011 5:38:14 PM | Computer Name = TyCoup-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 1/30/2011 5:38:14 PM | Computer Name = TyCoup-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
< End of report >
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-30 17:52:29
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 Hitachi_ rev.DCDO
Running: mk6pi1qi.exe; Driver: C:\Users\TYCOUP~1\AppData\Local\Temp\pxryipog.sys
---- System - GMER 1.0.15 ----
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwClose [0x8D930606]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateFile [0x8D93005A]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateKey [0x8D92FD3C]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwCreateSection [0x8D931652]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteKey [0x8D92FE46]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey [0x8D92FF30]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwLoadDriver [0x8D9308CC]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwOpenFile [0x8D930362]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwSetValueKey [0x8D92FBBA]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess [0x8D930814]
SSDT \??\C:\Windows\system32\drivers\sp_rsdrv2.sys ZwWriteFile [0x8D930494]
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!KeSetEvent + 1A9 81EC290C 4 Bytes [06, 06, 93, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1D9 81EC293C 4 Bytes [5A, 00, 93, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1E9 81EC294C 4 Bytes [3C, FD, 92, 8D]
.text ntkrnlpa.exe!KeSetEvent + 215 81EC2978 4 Bytes [52, 16, 93, 8D]
.text ntkrnlpa.exe!KeSetEvent + 2D5 81EC2A38 4 Bytes [46, FE, 92, 8D]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C60F360, 0x35B8D2, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[3632] Explorer.EXE 00962A7D 2 Bytes [C4, 14]
.text C:\Windows\Explorer.EXE[3632] Explorer.EXE 00962AA0 14 Bytes [8B, FF, 55, 8B, EC, 56, 57, ...]
.text C:\Windows\Explorer.EXE[3632] kernel32.dll!CreateProcessInternalW 767A53DF 5 Bytes JMP 007D758E
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01D82F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01D82CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01D82C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3208] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01D82CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech Vid\Vid.exe[3568] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02A42F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech Vid\Vid.exe[3568] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [02A42CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech Vid\Vid.exe[3568] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02A42C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech Vid\Vid.exe[3568] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02A42CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[4076] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01822F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[4076] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01822CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[4076] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01822C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[4076] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01822CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\BTHUSB \Device\000000a5 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
Device \Driver\BTHUSB \Device\000000a7 bthport.sys (Bluetooth Bus Driver/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001c26e034fa
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001c26e034fa (not active ControlSet)
---- EOF - GMER 1.0.15 ----