Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Search Warning JS:Downloader-DO Adware Feed

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby lavega21 » October 13th, 2009, 10:13 pm

Hi there,

SO I started doing all the fine tuning and When I tried to remove Ask(dot)com toolbar, Armor Online try to stop a program but I said block and now when search google with firefox I am back getting the message from Avast about v1.adwarefeed(dot)com?

Here the history from Armor during that time span, hopefully it tells you something....

Program Guard 10/13/2009 18:03 Blocked C:\Documents and Settings\Luis Vega\Local Settings\Temp\ZNW39\NDP1.1sp1-KB953297-X86.msp wants to remotely control C:\WINDOWS\system32\svchost.exe(1116)

Program Guard 10/13/2009 18:03 Blocked C:\Program Files\AskBarDis\unins000.exe(5824) wants to start C:\Documents and Settings\Luis Vega\Local Settings\Temp\_iu14D2N.tmp
Program Guard 10/13/2009 18:02 Allowed C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Program Guard 10/13/2009 18:00 Allowed C:\Program Files\AskBarDis\unins000.exe
Program Guard 10/13/2009 17:58 Allowed C:\WINDOWS\system32\dfrgntfs.exe


****I just noticed that it only happens in Firefox not IE 7. Ask toolbar add on is not installed on firefox but the ask search bar is showing on firefox right top corner****
lavega21
Regular Member
 
Posts: 45
Joined: October 18th, 2007, 6:33 pm
Location: Southern CA
Advertisement
Register to Remove

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby peku006 » October 14th, 2009, 2:32 am

Hi
Have you tried removing Ask(dot)com toolbar in a safe mode?
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby lavega21 » October 14th, 2009, 8:41 am

I have remove Ask tookbar in safe mode but Avast still giving me that warning when I use google search on Firefox.
lavega21
Regular Member
 
Posts: 45
Joined: October 18th, 2007, 6:33 pm
Location: Southern CA

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby peku006 » October 15th, 2009, 1:46 am

Hi Luis

what is the full text of the avast alert, e.g. the infected file name, where was it found e.g.
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby lavega21 » October 15th, 2009, 2:46 am

Here is the File name per Avast Warning:
h**p://v1.adwarefeed(dot)/ffjs.php?u=874521629-3284416822-627968155-507866122a=998&s=3&v=icv270109ff&e=google&q=dodgers\{gzip}

I remove the dot come and added ** so it wont be clickable.


Malware Name: JS:Downloader-DO [Trj]
Malware Type: Trojan Horse
VPS version: 091014-0, 10/14/2009

Then it gives me the option to "Abort connection"

Thanks for your help.

Luis
lavega21
Regular Member
 
Posts: 45
Joined: October 18th, 2007, 6:33 pm
Location: Southern CA

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby peku006 » October 16th, 2009, 2:11 am

Hi Luis

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby lavega21 » October 16th, 2009, 3:14 am

OTL logfile created on: 10/15/2009 11:35:21 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Luis Vega\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 48.47% Memory free
2.83 Gb Paging File | 2.19 Gb Available in Paging File | 77.14% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.44 Gb Total Space | 16.88 Gb Free Space | 24.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPBABY
Current User Name: Luis Vega
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Luis Vega\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
PRC - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\OAhlp.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
PRC - C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxsrvc.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\wbem\wmiprvse.exe (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (Adobe Version Cue CS3 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (AdobeActiveFileMonitor6.0 [Auto | Running]) -- C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bluetooth Hid Switch Service [Disabled | Stopped]) -- C:\Program Files\BlueTooth\HidSwitchService\HidSw.exe (Cambridge Silicon Radio)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (CCALib8 [Auto | Running]) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (EvtEng [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (FLEXnet Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlus(R) Installer [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSSQL$SQLEXPRESS [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (MSSQLServerADHelper [Disabled | Stopped]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NICCONFIGSVC [Auto | Running]) -- C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe (Dell Inc.)
SRV - (OAcat [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\OAcat.exe (Tall Emu)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PSI_SVC_2 [Auto | Running]) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (RegSrvc [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (S24EventMonitor [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (SQLBrowser [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (Microsoft Corporation)
SRV - (SQLWriter [Auto | Running]) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (SvcOnlineArmor [Auto | Running]) -- C:\Program Files\Tall Emu\Online Armor\oasrv.exe (Tall Emu)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WLANKEEPER [Auto | Running]) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe (Intel® Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AegisP [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\AegisP.sys (Meetinghouse Data Communications)
DRV - (AliIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (APPDRV [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS (Dell Inc)
DRV - (asc [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows (R) 2000 DDK provider)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BCOREUSB [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BCOREUSB.sys (CSR)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (Cinemsup [System | Running]) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (CmdIde [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DLABOIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS (Sonic Solutions)
DRV - (DLACDBHM [System | Running]) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS (Sonic Solutions)
DRV - (DLADResN [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLADResN.SYS (Sonic Solutions)
DRV - (DLAIFS_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS (Sonic Solutions)
DRV - (DLAOPIOM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS (Sonic Solutions)
DRV - (DLAPoolM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS (Sonic Solutions)
DRV - (DLARTL_N [System | Running]) -- C:\WINDOWS\System32\Drivers\DLARTL_N.SYS (Sonic Solutions)
DRV - (DLAUDF_M [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS (Sonic Solutions)
DRV - (DLAUDFAM [Auto | Running]) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS (Sonic Solutions)
DRV - (DRVMCDB [Boot | Running]) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)
DRV - (DRVNDDM [Auto | Running]) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS (Sonic Solutions)
DRV - (DSproct [On_Demand | Stopped]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (dvd_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (DVDVRRdr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows (R) 2000 DDK provider)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HDAudBus.sys (Windows (R) Server 2003 DDK provider)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IWCA [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\iwca.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mmc_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (mraid35x [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (OADevice [System | Running]) -- C:\WINDOWS\System32\drivers\OADriver.sys (Tall Emu)
DRV - (OAmon [System | Running]) -- C:\WINDOWS\System32\drivers\OAmon.sys (Tall Emu)
DRV - (OAnet [System | Running]) -- C:\WINDOWS\System32\drivers\OAnet.sys (Tall Emu Pty Ltd)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (regi [Auto | Running]) -- C:\WINDOWS\System32\drivers\regi.sys (InterVideo)
DRV - (rimmptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (s24trans [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\s24trans.sys (Intel Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SQTECH905C [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Capt905c.sys (Service & Quality Technology.)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (sym_hi [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (symc810 [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (toshidpt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (tosporte [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfbd [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfcom [System | Running]) -- C:\WINDOWS\System32\Drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (Tosrfhid [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfusb [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (UDFReadr [System | Running]) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (ultra [Disabled | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (w29n51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\w29n51.sys (Intel® Corporation)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3284416822-627968155-507866122-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-3284416822-627968155-507866122-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-3284416822-627968155-507866122-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-3284416822-627968155-507866122-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-3284416822-627968155-507866122-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-3284416822-627968155-507866122-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3284416822-627968155-507866122-1006\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3284416822-627968155-507866122-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3284416822-627968155-507866122-1006\S-1-5-21-3284416822-627968155-507866122-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3284416822-627968155-507866122-1006\S-1-5-21-3284416822-627968155-507866122-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.21.1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {64D95B14-4D3E-4199-80AA-B40F68F44EB7}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q="


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/25 23:12:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/17 22:36:05 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/13 19:21:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/13 19:21:58 | 00,000,000 | ---D | M]

[2009/02/04 14:36:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luis Vega\Application Data\mozilla\Extensions
[2009/02/04 14:36:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luis Vega\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/14 23:47:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luis Vega\Application Data\mozilla\Firefox\Profiles\pou44idi.default\extensions
[2009/09/18 19:27:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luis Vega\Application Data\mozilla\Firefox\Profiles\pou44idi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/22 11:22:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luis Vega\Application Data\mozilla\Firefox\Profiles\pou44idi.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/08/03 21:50:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luis Vega\Application Data\mozilla\Firefox\Profiles\pou44idi.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/04/28 01:32:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Luis Vega\Application Data\mozilla\Firefox\Profiles\pou44idi.default\extensions\moveplayer@movenetworks.com
[2009/10/14 23:47:33 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/02/04 18:13:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{64D95B14-4D3E-4199-80AA-B40F68F44EB7}
[2009/10/13 19:21:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/25 23:12:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/10/13 19:21:13 | 00,023,544 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/10/13 19:21:14 | 00,137,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/01 14:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2009/03/25 23:12:06 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/05/12 11:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/05/18 15:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/09/26 09:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2009/10/13 19:21:37 | 00,065,016 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2009/02/25 01:26:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/02/25 01:26:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/02/25 01:26:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/02/25 01:26:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/02/25 01:26:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/02/25 01:26:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/02/25 01:26:07 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/05/01 14:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2009/10/13 19:21:44 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/10/13 19:21:44 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/10/13 19:21:44 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/10/13 19:21:45 | 00,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/10/13 19:21:45 | 00,002,371 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/10/13 19:21:45 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/10/13 19:21:45 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (325214 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11154 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll (Google)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3284416822-627968155-507866122-1006\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3284416822-627968155-507866122-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3284416822-627968155-507866122-1006\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3284416822-627968155-507866122-1006\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [@OnlineArmor GUI] C:\Program Files\Tall Emu\Online Armor\oaui.exe (Tall Emu)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKU\S-1-5-21-3284416822-627968155-507866122-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3284416822-627968155-507866122-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3284416822-627968155-507866122-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3284416822-627968155-507866122-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3284416822-627968155-507866122-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3284416822-627968155-507866122-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html File not found
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 31 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3284416822-627968155-507866122-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3284416822-627968155-507866122-1006\..Trusted Domains: 59 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} Reg Error: Value error. (Office Genuine Advantage Validation Tool)
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} https://download.macromedia.com/pub/sho ... swax70.cab (Macromedia Authorware Web Player Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} http://apps.corel.com/nos_dl_manager/pl ... Plugin.cab (get_atlcom Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Value error. (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {4F07DA45-8170-4859-9B5F-037EF2970034} - C:\Program Files\Tall Emu\Online Armor\oaevent.dll (Tall Emu)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1057bc1c-bab5-11db-bda6-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{1057bc1c-bab5-11db-bda6-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{1057bc1c-bab5-11db-bda6-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{15348884-2ce3-11de-b92e-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{15348884-2ce3-11de-b92e-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{79cd2d0b-2c26-11de-b92d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{79cd2d0b-2c26-11de-b92d-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79cd2d0b-2c26-11de-b92d-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{79cd2d0c-2c26-11de-b92d-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{79cd2d0c-2c26-11de-b92d-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0dd6a52-1b31-11de-b910-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{a0dd6a52-1b31-11de-b910-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0dd6a74-1b31-11de-b910-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{a0dd6a74-1b31-11de-b910-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a0dd6a74-1b31-11de-b910-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O33 - MountPoints2\{a0dd6a77-1b31-11de-b910-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{a0dd6a77-1b31-11de-b910-00038a000015}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/10/02 23:01:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Corel
[2009/10/10 04:31:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/12 15:29:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OnlineArmor
[2009/09/19 00:27:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luis Vega\Application Data\DivX
[2009/10/02 23:54:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luis Vega\Application Data\dvdcss
[2009/10/10 04:31:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luis Vega\Application Data\Malwarebytes
[2009/10/12 17:06:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luis Vega\Application Data\OnlineArmor
[2009/09/17 09:15:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luis Vega\Application Data\uTorrent
[2009/10/02 22:58:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luis Vega\Application Data\vlc
[2009/10/02 23:47:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luis Vega\Local Settings\Application Data\Deployment
[2009/10/13 18:32:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luis Vega\Local Settings\Application Data\PCHealth
[2009/09/19 00:25:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/10/02 23:03:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2009/09/17 09:31:51 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2009/10/10 04:31:08 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/17 09:35:00 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/09/17 13:35:58 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2009/10/12 15:29:09 | 00,000,000 | ---D | C] -- C:\Program Files\Tall Emu
[2009/10/02 22:46:11 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/09/17 09:34:14 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2009/09/17 09:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2009/10/15 23:33:42 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Luis Vega\Desktop\OTL.exe
[2009/10/13 21:33:12 | 00,246,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieproxy.dll
[2009/10/13 21:33:12 | 00,012,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpshims.dll
[2009/10/13 21:33:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2009/10/13 21:31:50 | 00,100,352 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iecompat.dll
[2009/10/13 21:28:40 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ieencode.dll
[2009/10/13 21:28:40 | 00,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieencode.dll
[2009/10/13 18:05:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQLTools9_KB970892_ENU
[2009/10/13 18:02:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\SQL9_KB970892_ENU
[2009/10/12 15:29:12 | 00,024,656 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2009/10/12 15:29:11 | 00,200,784 | ---- | C] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2009/10/12 15:29:11 | 00,029,776 | ---- | C] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2009/10/11 12:42:25 | 00,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\Luis Vega\Desktop\ATF-Cleaner.exe
[2009/10/10 04:31:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/10 04:31:09 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/10 04:29:57 | 04,045,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Luis Vega\Desktop\mbam-setup.exe
[2009/10/03 00:19:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luis Vega\Desktop\viewtopic.php_files
[2009/10/02 23:49:07 | 05,696,136 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Luis Vega\Desktop\R143248.EXE
[2009/10/02 22:59:44 | 02,332,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_29.dll
[2009/09/17 13:51:32 | 00,000,000 | ---D | C] -- C:\aa1a22f86452b2068cd914
[2009/09/17 13:50:39 | 00,000,000 | ---D | C] -- C:\060bd5a0cf419de466171cfa15b9bf
[2009/09/17 13:13:56 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/09/17 13:13:56 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/09/17 13:13:56 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/09/17 13:13:56 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/09/17 13:13:56 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/09/17 13:13:55 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/09/17 13:13:55 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/09/17 13:13:54 | 00,730,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/09/17 13:13:54 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/09/17 13:13:54 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/09/17 13:13:34 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/17 13:13:22 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/09/17 13:12:48 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/09/17 13:09:09 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/09/17 13:09:07 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/09/17 13:02:42 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/09/17 13:02:42 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/09/17 13:02:42 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/09/17 09:34:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2009/09/17 09:34:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Luis Vega\My Documents\Downloads
[2006/12/22 20:17:42 | 36,808,256 | ---- | C] (Apple Computer, Inc.) -- C:\Program Files\iTunesSetup.exe

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/10/15 23:33:44 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Luis Vega\Desktop\OTL.exe
[2009/10/15 22:47:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/15 22:47:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/15 22:47:19 | 16,016,34304 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/14 05:35:11 | 00,000,686 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/10/14 05:35:11 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/10/14 05:35:11 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/10/13 22:06:58 | 00,108,896 | ---- | M] () -- C:\Documents and Settings\Luis Vega\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/13 22:01:52 | 00,008,456 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/10/13 22:01:48 | 00,000,104 | RHS- | M] () -- C:\WINDOWS\System32\48963CA59C.sys
[2009/10/13 21:33:52 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/13 20:45:41 | 01,668,376 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/13 19:10:02 | 00,015,103 | ---- | M] () -- C:\Documents and Settings\Luis Vega\Desktop\Online Armor History.csv
[2009/10/13 18:57:25 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/13 18:39:40 | 00,565,274 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/13 18:39:40 | 00,486,360 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/13 18:39:40 | 00,088,388 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/12 15:29:55 | 00,088,716 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.idx
[2009/10/11 12:42:25 | 00,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\Luis Vega\Desktop\ATF-Cleaner.exe
[2009/10/10 04:31:13 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/10 04:29:58 | 04,045,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Luis Vega\Desktop\mbam-setup.exe
[2009/10/04 11:58:25 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Luis Vega\Desktop\HijackThis.lnk
[2009/10/04 07:59:17 | 00,000,963 | ---- | M] () -- C:\Documents and Settings\Luis Vega\Desktop\Spybot - Search & Destroy.lnk
[2009/10/03 23:45:51 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/03 00:20:01 | 00,029,505 | ---- | M] () -- C:\Documents and Settings\Luis Vega\Desktop\viewtopic.php.htm
[2009/10/03 00:02:49 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/02 23:54:07 | 00,002,828 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/10/02 23:49:36 | 05,696,136 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Luis Vega\Desktop\R143248.EXE
[2009/10/02 23:46:39 | 00,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/02 23:46:36 | 00,000,088 | RHS- | M] () -- C:\Documents and Settings\All Users\Application Data\9CA53C9648.sys
[2009/10/02 23:04:32 | 00,000,040 | -H-- | M] () -- C:\WINDOWS\System32\ivireg.ivr
[2009/10/02 22:44:01 | 18,527,244 | ---- | M] () -- C:\Documents and Settings\Luis Vega\Desktop\vlc-1.0.2-win32.exe
[2009/10/02 11:01:57 | 25,198,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/09/19 00:26:15 | 00,000,795 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/09/19 00:26:02 | 00,000,831 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/09/19 00:25:03 | 00,001,476 | ---- | M] () -- C:\Documents and Settings\Luis Vega\Desktop\DivX Movies.lnk
[2009/09/19 00:14:39 | 00,002,247 | ---- | M] () -- C:\WINDOWS\STHDVD.INI
[2009/09/18 19:26:09 | 00,013,677 | ---- | M] () -- C:\Documents and Settings\Luis Vega\Desktop\Rafael Collado's essay.docx
[2009/09/17 22:44:58 | 00,024,656 | ---- | M] (Tall Emu) -- C:\WINDOWS\System32\drivers\OAmon.sys
[2009/09/17 22:44:44 | 00,029,776 | ---- | M] (Tall Emu Pty Ltd) -- C:\WINDOWS\System32\drivers\OAnet.sys
[2009/09/17 22:44:40 | 00,200,784 | ---- | M] (Tall Emu) -- C:\WINDOWS\System32\drivers\OADriver.sys
[2009/09/17 09:36:27 | 00,000,915 | ---- | M] () -- C:\Documents and Settings\Luis Vega\My Documents\My Sharing Folders.lnk

========== Files - No Company Name ==========
[2009/10/14 05:34:00 | 16,016,34304 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/13 19:10:02 | 00,015,103 | ---- | C] () -- C:\Documents and Settings\Luis Vega\Desktop\Online Armor History.csv
[2009/10/10 04:31:13 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/04 11:58:25 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Luis Vega\Desktop\HijackThis.lnk
[2009/10/03 00:19:57 | 00,029,505 | ---- | C] () -- C:\Documents and Settings\Luis Vega\Desktop\viewtopic.php.htm
[2009/10/03 00:02:49 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/10/02 23:28:56 | 00,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2009/10/02 23:28:56 | 00,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\9CA53C9648.sys
[2009/10/02 23:04:31 | 00,000,040 | -H-- | C] () -- C:\WINDOWS\System32\ivireg.ivr
[2009/10/02 22:42:07 | 18,527,244 | ---- | C] () -- C:\Documents and Settings\Luis Vega\Desktop\vlc-1.0.2-win32.exe
[2009/09/19 00:26:02 | 00,000,831 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/09/19 00:25:03 | 00,001,476 | ---- | C] () -- C:\Documents and Settings\Luis Vega\Desktop\DivX Movies.lnk
[2009/09/17 13:09:09 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/08/05 12:41:26 | 00,000,251 | ---- | C] () -- C:\Program Files\wt3d.ini
[2009/05/26 19:33:35 | 00,000,239 | ---- | C] () -- C:\WINDOWS\AWSHKWV.INI
[2009/04/18 08:23:10 | 00,000,028 | ---- | C] () -- C:\WINDOWS\SthVCD.INI
[2009/03/27 10:40:17 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/03/27 10:40:12 | 00,795,648 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/03/27 10:40:12 | 00,130,048 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/03/27 10:40:11 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/03/27 10:40:07 | 00,067,584 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/03/27 10:40:07 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/27 09:43:19 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\Luis Vega\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/27 04:34:53 | 00,000,070 | ---- | C] () -- C:\WINDOWS\VCDISC.INI
[2009/03/27 04:06:33 | 00,002,247 | ---- | C] () -- C:\WINDOWS\STHDVD.INI
[2009/03/27 04:06:16 | 00,001,739 | ---- | C] () -- C:\WINDOWS\MENUTHEME.INI
[2009/03/27 04:06:16 | 00,001,266 | ---- | C] () -- C:\WINDOWS\DVDAMP.INI
[2009/02/19 23:41:07 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/02/19 01:38:06 | 00,000,095 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/11/15 12:09:43 | 00,000,098 | ---- | C] () -- C:\WINDOWS\WirelessFTP.INI
[2008/11/08 08:47:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2008/07/30 22:56:59 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Luis Vega\Local Settings\Application Data\imageCache7.db
[2008/04/05 20:22:50 | 02,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/01/09 23:11:39 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2007/12/12 00:29:34 | 00,002,941 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/11/17 16:36:38 | 00,000,104 | RHS- | C] () -- C:\WINDOWS\System32\48963CA59C.sys
[2007/11/17 16:02:55 | 00,000,250 | ---- | C] () -- C:\WINDOWS\diamond.ini
[2007/11/07 18:50:48 | 00,000,302 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/10/10 21:35:27 | 00,061,678 | ---- | C] () -- C:\Documents and Settings\Luis Vega\Application Data\PFP120JPR.{PB
[2007/10/10 21:35:27 | 00,012,358 | ---- | C] () -- C:\Documents and Settings\Luis Vega\Application Data\PFP120JCM.{PB
[2007/10/05 22:18:30 | 00,008,456 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/09/29 15:23:23 | 00,000,009 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameD.txt
[2007/09/26 22:09:18 | 00,003,072 | ---- | C] () -- C:\Documents and Settings\Luis Vega\Application Data\dvd.bmk
[2007/09/26 21:56:49 | 00,000,132 | ---- | C] () -- C:\Documents and Settings\Luis Vega\Local Settings\Application Data\fusioncache.dat
[2007/09/07 13:16:45 | 00,108,896 | ---- | C] () -- C:\Documents and Settings\Luis Vega\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/06/21 22:02:27 | 00,329,728 | ---- | C] () -- C:\WINDOWS\eolclnt.dll
[2007/06/21 22:02:27 | 00,000,250 | ---- | C] () -- C:\WINDOWS\EDUCO.INI
[2007/03/05 14:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/03/03 01:39:51 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Luis Vega\Application Data\desktop.ini
[2006/02/21 13:17:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/02/21 13:01:34 | 00,000,004 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare
[2006/02/21 12:29:08 | 00,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/02/21 12:27:40 | 00,000,387 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/09/01 21:44:00 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:24 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2005/08/16 03:18:43 | 00,000,686 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/08/16 03:18:41 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2005/08/05 13:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/07/22 21:30:20 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2005/02/28 12:17:16 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/11/30 04:10:00 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\besched.dll
[2004/09/01 08:49:17 | 03,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
[2004/08/12 07:44:10 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2004/07/20 17:04:02 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2004/01/15 14:43:28 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/12/19 02:00:00 | 00,013,387 | ---- | C] () -- C:\WINDOWS\System32\CinemSup.sys
[2003/10/02 01:00:00 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lockout.dll
[2003/10/02 01:00:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\lockres.dll
< End of report >
lavega21
Regular Member
 
Posts: 45
Joined: October 18th, 2007, 6:33 pm
Location: Southern CA

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby lavega21 » October 16th, 2009, 3:16 am

OTL Extras logfile created on: 10/15/2009 11:35:22 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Luis Vega\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.72 Gb Available Physical Memory | 48.47% Memory free
2.83 Gb Paging File | 2.19 Gb Available in Paging File | 77.14% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.44 Gb Total Space | 16.88 Gb Free Space | 24.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LAPBABY
Current User Name: Luis Vega
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3284416822-627968155-507866122-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe" = C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:*:Disabled:Adobe Photoshop Elements Media Server -- ()
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Tencent\QQ Games\QQGames.exe" = C:\Program Files\Tencent\QQ Games\QQGames.exe:*:Enabled:QQ Games -- (Tencent America LLC)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\WINDOWS\system32\rtcshare.exe" = C:\WINDOWS\system32\rtcshare.exe:*:Enabled:RTC App Sharing -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{09E2111C-16B1-4DDF-BF0D-F994C9A12350}" = Adobe Setup
"{0DB166EE-3AC6-41A0-9E28-96736223B9E7}" = ToolBook Neuron
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600" = Canon MP600
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{183135A3-2CE8-43B5-BA5A-757EBAECB413}" = Disney Pix Micro Downloader
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1A15507A-8551-4626-915D-3D5FA095CC1B}" = Corel Paint Shop Pro X
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23E5C72C-CC08-4EE0-9CC2-D925B232B331}" = Microsoft MSDN 2005 Express Edition - ENU
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Management Programs
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{459E93B6-150E-45d5-8D4B-45C66FC035FE}" = getPlus(R) for Corel
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{5FAFA143-AB41-4AAA-83FF-98232376C1B5}" = MHC Interactive: GED Integrated Online Solution
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{766E4715-B801-46B3-9D91-12288AB88428}" = DB CIF Cam
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111142333}" = Fish Tycoon
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = DB CIF Cam
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8A9B8148-DDD7-448F-BD6C-358386D32354}" = Corel Photo Album 6
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster burn engine by Roxio
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARDR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARDR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{A99C6296-A311-4D6C-9602-53B4241921D5}" = Roxio Easy Media Creator 7
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB6F4AB9-AC85-4002-9829-B6EEA55AE3A5}" = Microsoft Visual C++ 2005 Express Edition - ENU
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7F560B3-6EFF-4026-A982-843895A41149}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1C18EDD-571A-4BDD-BE7B-1DD86027D7FF}" = Adobe Creative Suite 3 Design Premium
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC8235CC-3D5A-4D32-94BE-E2F0A1749920}" = Disney Pix 2.0
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Google
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E93E5EF6-D361-481E-849D-F16EF5C78EBC}" = Musicmatch for Windows Media Player
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"26D2C2C3-CF14-4ED7-B1FC-0BE64AFBA3B3" = Polar Bowler
"3DGroove" = 3D Groove Playback Engine
"6B6A7665-DB48-4762-AB5D-BEEB9E1CD7FA" = SCRABBLE
"989E4C3B-B2C9-4486-9A09-D5A8F953837C" = Bejeweled 2 Deluxe
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_c14ac4070fd9614ffe63f4bb533db2c" = Add or Remove Adobe Creative Suite 3 Design Premium
"Aim Plugin for QQ Games" = Aim Plugin for QQ Games
"AIM_6" = AIM 6
"America Online us" = America Online (Choose which version to remove)
"AOL Connectivity Services" = AOL Connectivity Services
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"avast!" = avast! Antivirus
"C0A0AA4D-C79B-48CA-8843-2B02B626C9E6" = Blackhawk Striker 2
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Diamond Scheduler" = Diamond Scheduler
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DPP" = Canon Utilities Digital Photo Professional 3.2
"Educo Learning System" = Educo Learning System
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EOS Utility" = Canon Utilities EOS Utility
"ESPNMotion" = ESPNMotion
"ffdshow_is1" = ffdshow [rev 2734] [2009-03-01]
"FLV Player" = FLV Player 2.0, build 24
"FoodWise" = FoodWise
"Free Realms Installer" = Free Realms Installer
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{5FAFA143-AB41-4AAA-83FF-98232376C1B5}" = MHC Interactive: GED Integrated Online Solution
"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft MSDN 2005 Express Edition - ENU" = Microsoft MSDN 2005 Express Edition - ENU
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual C++ 2005 Express Edition - ENU" = Microsoft Visual C++ 2005 Express Edition - ENU
"Mozilla Firefox (3.5.3)" = Mozilla Firefox (3.5.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Toolbar" = MSN Toolbar
"nickarcade" = Nick Aracde Toolbar
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ODSK" = Canon Utilities Original Data Security Tools
"OnlineArmor_is1" = Online Armor 3.5
"PhotoStitch" = Canon Utilities PhotoStitch
"ProInst" = Intel(R) PROSet/Wireless Software
"QQ BlackJack" = QQ BlackJack
"QQ Bubble Arena" = QQ Bubble Arena
"QQ Games" = QQ Games
"QQ Hearts" = QQ Hearts
"QQ Pool" = QQ Pool
"QQ Puzzle Dasher" = QQ Puzzle Dasher
"QQ Robo" = QQ Robo
"QQ Texas Hold'em" = QQ Texas Hold'em
"QQ Treasure Hunter" = QQ Treasure Hunter
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer Basic
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"STANDARDR" = Microsoft Office Standard 2007 Trial
"SthSDVD" = Hero DVD Player
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Fairly OddParents - Timmy`s Roach Rampage" = The Fairly OddParents - Timmy`s Roach Rampage (remove only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtools3DLifePlayer" = Virtools 3D Life Player
"VLC media player" = VLC media player 1.0.2
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"WFTK" = Canon Utilities WFT-E1/E2 Utility
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3284416822-627968155-507866122-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"309a46b1dc89b774" = Dell Driver Download Manager
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 1/13/2008 2:57:16 AM | Computer Name = LAPBABY | Source = avast! | ID = 33554522
Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.


Error - 2/20/2009 2:42:46 AM | Computer Name = LAPBABY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\D4NK9531\CanonMP6 failed, 00000005.

Error - 2/21/2009 8:30:15 PM | Computer Name = LAPBABY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\D4NK9531\CanonMP6 failed, 00000005.

Error - 2/21/2009 8:30:18 PM | Computer Name = LAPBABY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\D4NK9531\CanonMP6 failed, 00000005.

Error - 2/21/2009 8:35:17 PM | Computer Name = LAPBABY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\D4NK9531\CanonMP6 failed, 00000005.

Error - 2/21/2009 8:40:00 PM | Computer Name = LAPBABY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\D4NK9531\CanonMP6 failed, 00000005.

Error - 2/21/2009 8:44:39 PM | Computer Name = LAPBABY | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
\\D4NK9531\CanonMP6 failed, 00000005.

[ Application Events ]
Error - 10/14/2009 8:34:18 AM | Computer Name = LAPBABY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/14/2009 8:34:18 AM | Computer Name = LAPBABY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/15/2009 2:34:59 AM | Computer Name = LAPBABY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/15/2009 2:34:59 AM | Computer Name = LAPBABY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/15/2009 2:35:45 AM | Computer Name = LAPBABY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/15/2009 2:35:45 AM | Computer Name = LAPBABY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/16/2009 1:47:32 AM | Computer Name = LAPBABY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/16/2009 1:47:32 AM | Computer Name = LAPBABY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/16/2009 1:48:54 AM | Computer Name = LAPBABY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 10/16/2009 1:48:54 AM | Computer Name = LAPBABY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 10/14/2009 8:29:43 AM | Computer Name = LAPBABY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 10/14/2009 8:30:25 AM | Computer Name = LAPBABY | Source = Service Control Manager | ID = 7001
Description = The DHCP Client service depends on the NetBios over Tcpip service
which failed to start because of the following error: %%31

Error - 10/14/2009 8:30:25 AM | Computer Name = LAPBABY | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 10/14/2009 8:30:25 AM | Computer Name = LAPBABY | Source = Service Control Manager | ID = 7001
Description = The TCP/IP NetBIOS Helper service depends on the AFD service which
failed to start because of the following error: %%31

Error - 10/14/2009 8:30:25 AM | Computer Name = LAPBABY | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 10/14/2009 8:30:25 AM | Computer Name = LAPBABY | Source = Service Control Manager | ID = 7001
Description = The Bonjour Service service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 10/14/2009 8:30:25 AM | Computer Name = LAPBABY | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 10/14/2009 8:30:25 AM | Computer Name = LAPBABY | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD APPDRV aswSP aswTdi cdudf_xp Cinemsup Fips intelppm IPSec MRxSmb NetBIOS NetBT
OADevice
OAmon
OAnet
RasAcd
Rdbss
Tcpip
Tosrfcom
WS2IFSL

Error - 10/14/2009 8:30:26 AM | Computer Name = LAPBABY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 10/14/2009 8:33:07 AM | Computer Name = LAPBABY | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


< End of report >
lavega21
Regular Member
 
Posts: 45
Joined: October 18th, 2007, 6:33 pm
Location: Southern CA

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby peku006 » October 16th, 2009, 9:50 am

Hi Luis

Please do the following:

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

Code: Select all
:OTLI
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q="


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby lavega21 » October 17th, 2009, 5:55 am

I ran the "Run Fix" and when it was done it created this text log:

Error: Unable to interpret <:OTLI> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.defaultenginename: "Ask"> in the current context!
Error: Unable to interpret <FF - prefs.js..browser.search.order.1: "Ask"> in the current context!
Error: Unable to interpret <FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q="> in the current context!

OTL by OldTimer - Version 3.0.21.0 log created on 10172009_021503


Do you want me to do a "Run Scan"? Should I checked "Scan all users"?
lavega21
Regular Member
 
Posts: 45
Joined: October 18th, 2007, 6:33 pm
Location: Southern CA

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby peku006 » October 17th, 2009, 8:21 am

Hi Luis

Let´s try this

  • Please download GooredFix and save it to your Desktop.
  • Double-click Goored.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

Do not run Option #2 yet.

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby lavega21 » October 17th, 2009, 1:46 pm

Peeku,

I'm sorry but the program did not give me an option 1 or 2 it just ran autamatically and generated this log:
I double click and then it gave me a yes or no option to run the program i click yes.


GooredFix by jpshortstuff (24.09.09.1)
Log created at 10:42 on 17/10/2009 (Luis Vega)
Firefox version 3.5.3 (en-US)

========== GooredScan ==========

Deleting "C:\Program Files\Mozilla Firefox\extensions\{64D95B14-4D3E-4199-80AA-B40F68F44EB7}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [21:36 04/02/2009]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [06:12 26/03/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [06:12 26/03/2009]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:57 01/04/2009]

-=E.O.F=-
lavega21
Regular Member
 
Posts: 45
Joined: October 18th, 2007, 6:33 pm
Location: Southern CA

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby peku006 » October 17th, 2009, 2:02 pm

Hi Luis

do not worry, all is well :)

How's the computer running now? Any problems?

Thanks peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby lavega21 » October 17th, 2009, 4:59 pm

Peku,

Sorry I think I got your name wrong on the last post.

It looks great...I've been using google with Firefox and I am no longer getting the avast warning.

I thank you for your help and patience.

BTW,

I want to apply to the unversity and also hellp others. I submitted an application last week when I thought I was clean so maybe I have to apply again, but this time I'll wait until the thread is closed.

Once agian, thank you and hopefully I'll be able to stick around the forum to help others in the futute.



Luis
lavega21
Regular Member
 
Posts: 45
Joined: October 18th, 2007, 6:33 pm
Location: Southern CA

Re: Google Search Warning JS:Downloader-DO Adware Feed

Unread postby peku006 » October 18th, 2009, 3:01 am

Hi Luis

Sorry I think I got your name wrong on the last post.

do not worry, Peeku is one of the many different forms of peku
It looks great...I've been using google with Firefox and I am no longer getting the avast warning.

great that the machine is working properly without any warnings from avast
I want to apply to the unversity and also hellp others. I submitted an application last week when I thought I was clean so maybe I have to apply again, but this time I'll wait until the thread is closed.
Once agian, thank you and hopefully I'll be able to stick around the forum to help others in the futute.

you need not apply again,(I close this tomorrow) welcome and Good luck with the training

peku006
User avatar
peku006
MRU Emeritus
MRU Emeritus
 
Posts: 3357
Joined: May 14th, 2007, 2:18 pm
Location: Norway
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 295 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware