Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

epoclick.com virus?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: epoclick.com virus?

Unread postby askey127 » November 4th, 2010, 7:45 pm

imeahl,
---------------------------------------------
  1. Please download OTL.exe by OldTimer and save it to your desktop.
  2. Right click on OTL.exe and select Run As Administrator to run it. If Windows UAC prompts you, please allow it.
    • Under the Custom Scans/Fixes box at the bottom, paste in the following:
      Code: Select all
      :processes
      killallprocesses
      
      :Files
      C:\Program Files\Common Files\Java\
      C:\ProgramData\Sun\Java\
      C:\Users\All Users\Sun\Java\
      C:\Users\Linda Meahl\AppData\LocalLow\Sun\
      C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\
      C:\Windows\Sun\
      
      :Commands
      [REBOOT}
      
    • Then click the Run Fix button at the top.
    • Let the program run unhindered and reboot the PC when it is done.
    • Open OTL again, right click and "Run as administrator"
    • Click on the Run Scan button at the top left hand corner.
    • OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
      They will be saved on your desktop.
      If you have ever run this program before, it will only open one file, OTL.txt.
      Please post the contents of these file(s).
      You may use separate replies if you wish.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Re: epoclick.com virus?

Unread postby lmeahl » November 5th, 2010, 8:28 am

Here are the logs:

OTL logfile created on: 11/5/2010 8:21:35 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Linda Meahl\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 144.31 Gb Free Space | 50.25% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.81 Gb Free Space | 16.63% Space Free | Partition Type: NTFS

Computer Name: MOM-LAPTOP | User Name: Linda Meahl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/05 08:14:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Linda Meahl\Desktop\OTL.exe
PRC - [2010/10/28 07:55:35 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/28 07:55:34 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/10/17 13:43:38 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/05 00:52:54 | 000,304,448 | ---- | M] (Smilebox, Inc.) -- C:\Users\Linda Meahl\AppData\Roaming\Smilebox\SmileboxTray.exe
PRC - [2010/09/18 12:50:08 | 000,095,744 | ---- | M] () -- C:\Program Files\easy gadget\easy gadget.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 13:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/11 02:28:15 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 10:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/05/06 20:50:40 | 002,500,096 | ---- | M] () -- C:\Program Files\Shutterfly\Studio\Bin\SFlyStudio.exe
PRC - [2008/01/31 14:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/11/09 20:51:40 | 000,540,672 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/11/05 21:34:58 | 000,741,376 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007/10/11 19:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/04/13 11:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2004/06/09 14:16:08 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
PRC - [2003/06/18 13:00:00 | 000,200,704 | ---- | M] (Microsoft Corp.) -- C:\Program Files\microsoft money\System\mnyexpr.exe


========== Modules (SafeList) ==========

MOD - [2010/11/05 08:14:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Linda Meahl\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/13 11:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/06/09 20:37:48 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009/05/19 15:52:20 | 001,166,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/23 11:33:34 | 000,064,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/10/23 06:05:13 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/10/23 06:05:13 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/10/23 06:05:13 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/07/17 18:01:00 | 000,269,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Vid.sys -- (OA004Vid)
DRV - [2008/07/06 16:15:24 | 002,378,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/29 10:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/06/10 16:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/06/10 14:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 12:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/03 10:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Ufd.sys -- (OA004Ufd)
DRV - [2008/04/17 14:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/10/31 21:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 21:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 21:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/12/12 11:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Assistant = http://www.seekseek.com/quicksearch.asp?keyphrase=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://bing.zugo.com/?cfg=2-76-0-TXZm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#"
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.6
FF - prefs.js..keyword.URL: "https://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/07/14 13:36:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/25 09:12:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 19:40:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/03 19:40:10 | 000,000,000 | ---D | M]

[2010/07/15 16:14:38 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Extensions
[2010/07/15 16:14:38 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/11/04 09:31:22 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions
[2010/08/21 19:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/07/15 18:08:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/14 23:57:56 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2010/08/20 07:32:02 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2010/08/20 07:32:06 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010/08/20 07:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/08/20 07:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/04/21 10:01:12 | 000,001,836 | ---- | M] () -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\searchplugins\bing-ff.xml
[2010/01/20 13:15:44 | 000,000,923 | ---- | M] () -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\searchplugins\conduit.xml
[2010/01/23 09:21:40 | 000,004,779 | ---- | M] () -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\searchplugins\web-search.xml
[2010/11/02 09:28:48 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/22 16:59:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/08/10 12:51:05 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/10/22 16:58:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe ()
O4 - HKCU..\Run: [SmileboxTray] C:\Users\Linda Meahl\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - Startup: C:\Users\Linda Meahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClearPlay Easy Updates.lnk = C:\Program Files\ClearPlay\ClearPlay Easy Updates\ClearPlayEasyUpdates.exe (ClearPlay Inc.)
O4 - Startup: C:\Users\Linda Meahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\easy gadget.lnk = C:\Program Files\easy gadget\easy gadget.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\mastercook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ([]msn in Computer)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d3a4957-04e2-11de-a197-001f165fc987}\Shell\AutoRun\command - "" = F:\ClearPlayEasyUpdates.exe -- File not found
O33 - MountPoints2\{6b47fda9-f941-11de-b0a7-001f165fc987}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/05 08:15:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/05 08:14:03 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Linda Meahl\Desktop\OTL.exe
[2010/11/03 19:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/11/03 19:38:56 | 001,068,528 | ---- | C] (Coupons.com Incorporated) -- C:\Users\Linda Meahl\Desktop\couponprinter(2).exe
[2010/11/03 19:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/11/03 08:31:13 | 016,074,528 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Linda Meahl\Desktop\jre-6u22-windows-i586.exe
[2010/11/02 13:34:13 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\Desktop\GooredFix Backups
[2010/10/27 09:15:13 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\AppData\Roaming\Auslogics
[2010/10/27 08:44:38 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\AppData\Roaming\ParetoLogic
[2010/10/27 08:44:38 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\AppData\Roaming\DriverCure
[2010/10/27 08:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010/10/27 08:14:21 | 001,696,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2010/10/27 08:14:20 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/10/27 08:14:19 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/10/23 09:22:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/10/22 16:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/22 16:58:58 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/10/21 09:19:02 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\Documents\My Kindle Content
[2010/10/21 09:18:54 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\AppData\Local\Amazon
[2010/10/20 08:18:36 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\AppData\Roaming\AVG10
[2010/10/20 08:08:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/20 08:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/20 07:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\avg8
[2010/10/20 07:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/18 16:54:55 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\Desktop\HijackThis
[2010/10/17 13:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/10/17 13:54:08 | 000,000,000 | ---D | C] -- C:\rsit
[2010/10/16 09:34:09 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010/10/16 09:33:06 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010/10/16 09:31:37 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010/10/16 09:31:34 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010/10/16 09:31:34 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010/10/16 09:31:30 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/10/16 09:31:26 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2010/10/16 09:31:17 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010/10/16 09:28:11 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010/10/16 09:28:08 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010/10/16 09:28:08 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/10/16 09:28:08 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/10/16 09:28:07 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/10/15 21:38:52 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\AppData\Roaming\Malwarebytes
[2010/10/15 21:35:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/15 21:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/15 21:35:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/15 21:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/14 09:58:05 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[3 C:\Users\Linda Meahl\Documents\*.tmp files -> C:\Users\Linda Meahl\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/05 08:23:22 | 000,640,816 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/05 08:23:22 | 000,119,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/05 08:20:30 | 000,000,220 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/11/05 08:19:51 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 08:19:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/05 08:17:10 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 08:17:09 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 08:17:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/05 08:16:56 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/05 08:14:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Linda Meahl\Desktop\OTL.exe
[2010/11/05 06:56:49 | 000,000,000 | ---- | M] () -- C:\Users\Linda Meahl\AppData\Local\prvlcl.dat
[2010/11/04 21:06:38 | 015,949,824 | ---- | M] () -- C:\Users\Linda Meahl\Documents\Our Money.mny
[2010/11/04 18:41:38 | 098,428,925 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/04 17:27:53 | 000,075,264 | ---- | M] () -- C:\Users\Linda Meahl\Desktop\SystemLook.exe
[2010/11/04 17:22:56 | 017,965,728 | R--- | M] () -- C:\Users\Linda Meahl\Documents\Our Money Backup.mbf
[2010/11/03 19:38:58 | 001,068,528 | ---- | M] (Coupons.com Incorporated) -- C:\Users\Linda Meahl\Desktop\couponprinter(2).exe
[2010/11/03 19:26:16 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/11/03 08:31:22 | 016,074,528 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Linda Meahl\Desktop\jre-6u22-windows-i586.exe
[2010/11/03 07:52:12 | 004,089,184 | R--- | M] () -- C:\Users\Linda Meahl\Documents\Kids - Allowance Backup.mbf
[2010/11/03 07:52:12 | 004,087,808 | ---- | M] () -- C:\Users\Linda Meahl\Documents\Kids - Allowance.mny
[2010/11/02 19:40:30 | 014,845,413 | ---- | M] () -- C:\Users\Linda Meahl\Desktop\Belkin Router Manual.pdf
[2010/11/02 19:31:10 | 000,030,744 | ---- | M] () -- C:\Users\Linda Meahl\Documents\Belkin Network Security code.rtf
[2010/11/02 16:32:53 | 567,093,974 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/30 20:17:46 | 000,002,677 | ---- | M] () -- C:\Users\Linda Meahl\Desktop\Launch ClearPlay Easy Updates.lnk
[2010/10/29 08:44:09 | 000,027,136 | ---- | M] () -- C:\Users\Linda Meahl\Documents\Proverb of the Day.doc
[2010/10/28 09:44:45 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/22 16:58:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010/10/22 16:54:22 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/21 21:35:29 | 000,000,076 | ---- | M] () -- C:\Windows\AssistantWizard.INI
[2010/10/21 09:18:57 | 000,002,138 | ---- | M] () -- C:\Users\Linda Meahl\Desktop\Kindle For PC.lnk
[2010/10/19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010/10/16 22:39:10 | 000,482,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/16 13:55:49 | 004,231,168 | ---- | M] () -- C:\Users\Linda Meahl\Documents\Rental-Colleen.mny
[2010/10/16 13:55:49 | 004,208,000 | R--- | M] () -- C:\Users\Linda Meahl\Documents\Rental-Colleen Backup.mbf
[2010/10/07 17:15:11 | 000,011,264 | ---- | M] () -- C:\Users\Linda Meahl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Users\Linda Meahl\Documents\*.tmp files -> C:\Users\Linda Meahl\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/04 18:41:38 | 098,428,925 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/04 17:27:52 | 000,075,264 | ---- | C] () -- C:\Users\Linda Meahl\Desktop\SystemLook.exe
[2010/11/02 19:40:21 | 014,845,413 | ---- | C] () -- C:\Users\Linda Meahl\Desktop\Belkin Router Manual.pdf
[2010/11/02 19:10:22 | 000,030,744 | ---- | C] () -- C:\Users\Linda Meahl\Documents\Belkin Network Security code.rtf
[2010/10/23 09:23:38 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/22 16:54:22 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/21 17:34:43 | 000,000,076 | ---- | C] () -- C:\Windows\AssistantWizard.INI
[2010/10/21 09:18:57 | 000,002,138 | ---- | C] () -- C:\Users\Linda Meahl\Desktop\Kindle For PC.lnk
[2010/10/19 19:22:59 | 000,000,766 | ---- | C] () -- C:\Windows\System\CRIcon.ico
[2010/10/15 22:56:06 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/07 23:30:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/04 11:44:59 | 000,000,292 | ---- | C] () -- C:\Windows\KA.INI
[2009/12/09 14:14:10 | 000,000,000 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\prvlcl.dat
[2009/11/16 16:26:05 | 000,004,096 | -H-- | C] () -- C:\Users\Linda Meahl\AppData\Local\keyfile3.drm
[2009/09/12 08:33:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/08 19:42:20 | 000,000,099 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\fusioncache.dat
[2009/08/03 20:08:34 | 000,017,562 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Roaming\UserTile.png
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/23 18:03:11 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/07/23 18:01:45 | 000,000,739 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/07/23 18:01:45 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/07/23 17:58:03 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2009/07/23 17:57:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/07/23 17:57:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/07/23 17:55:32 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/07/16 19:57:16 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2009/07/14 08:58:11 | 000,005,972 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\d3d9caps.dat
[2009/05/13 22:33:26 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2009/03/04 12:44:41 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/02/16 23:07:13 | 000,000,000 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\FnF4.txt
[2009/02/11 22:18:59 | 000,011,264 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/09 19:28:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/02/09 19:25:48 | 000,000,044 | ---- | C] () -- C:\Windows\EPSNX400.ini
[2009/02/08 17:25:16 | 000,000,058 | ---- | C] () -- C:\Windows\System32\EAL32.INI
[2009/02/07 22:03:22 | 000,000,025 | ---- | C] () -- C:\Windows\EPR220.ini
[2009/02/07 21:41:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/07 19:41:41 | 000,000,000 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\QSwitch.txt
[2009/02/07 19:41:41 | 000,000,000 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\DSwitch.txt
[2009/02/07 19:41:41 | 000,000,000 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\AtStart.txt
[2009/01/08 01:38:34 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/08 01:38:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/08 01:38:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/08 01:37:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/08 01:35:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/01/08 01:35:12 | 000,000,220 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/10/23 06:50:32 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/23 06:46:14 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/23 06:44:45 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/23 06:43:42 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/07/06 16:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/06/29 10:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/10/18 10:56:53 | 000,001,648 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Roaming\Access10.pip

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:4FA486F6

< End of report >

OTL Extras logfile created on: 11/5/2010 8:21:35 AM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Linda Meahl\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 52.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 144.31 Gb Free Space | 50.25% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.81 Gb Free Space | 16.63% Space Free | Partition Type: NTFS

Computer Name: MOM-LAPTOP | User Name: Linda Meahl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19D2400C-D2E7-4C4D-A81A-C85C71F1A5DF}" = rport=138 | protocol=17 | dir=out | app=system |
"{1E4E32F3-B034-4EB1-B80E-796B31F79CAF}" = rport=445 | protocol=6 | dir=out | app=system |
"{26FBAF8E-6FDE-4F37-AAD7-83915DAC9927}" = lport=138 | protocol=17 | dir=in | app=system |
"{3F40A1CA-962D-4679-BC9B-66D8B52BACB4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4413B9A6-D9CA-4D58-9A03-F80418C6311C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4CE0DAD6-130B-4B14-8BAB-8120BFF800EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5F9AD889-F535-47D5-913A-31D14298F281}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{72C2A7DF-3C66-46CF-A7AF-D15BDDC48CCA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{77D626F2-7184-41C1-B5A7-5FDA6EB1A0A7}" = rport=137 | protocol=17 | dir=out | app=system |
"{7AB1FCB3-587B-4CB1-A4B6-5013DD5AC9EF}" = lport=139 | protocol=6 | dir=in | app=system |
"{7CC7F620-6328-4439-B847-BC46323507A1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7F2BFC0C-0652-46F8-8154-C56AF74F985E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{835A7387-41D2-40F1-B637-5F72FD7C210E}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{9012612D-6DEE-40B8-957F-CFAE584BE584}" = lport=137 | protocol=17 | dir=in | app=system |
"{A25E6DD3-03E6-4796-B000-49B2B3C77CEA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AA8A9667-E6BA-4340-9155-DEF839C3DF8E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{CDC61575-9FD3-42FD-BD9D-5EA91A16D29A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF8F9C61-2E73-4738-AEDC-7F28C8801C61}" = rport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{ED4A39F7-5285-4427-81C4-DEBC6D59A252}" = lport=445 | protocol=6 | dir=in | app=system |
"{F9388165-0884-4330-B9D9-6DB6BBF24EC3}" = rport=10243 | protocol=6 | dir=out | app=system |
"{FCCDA235-406E-4004-8FD8-9A6B0CDD1DDD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FF8044B8-FE7D-42E9-B972-21806DCCE6B9}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0169D0F7-CFA8-497D-9453-E4890EF26621}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{0FF65436-3D9B-4403-BAC0-80B543D1227E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{12F141D3-B0C8-425E-987E-3C56A93DBE39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{192479A2-EDDF-4C29-A2EA-61383FD09B99}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{207A037B-F65C-4BFF-8853-190F915DD169}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{27CEB82B-329A-4B48-AF69-F58FC8B9D2A8}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{3053D97C-241E-4AC5-9170-CB3FF8399023}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3349D889-DA0B-4E29-BB84-95EBDA1E1EA2}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{3A8EBA27-4EED-45B3-8B76-E5CFC98C7596}" = protocol=17 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{43C44FA8-E63D-490C-84E2-C5CAC6A6D512}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{46C70CD3-F60A-46CA-B43C-6738C988F506}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{47CDEC5D-5763-43E3-9E86-8186E7E99DC9}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{4AD4F3F7-5793-4DE9-A4C8-DA835E624508}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{5BB9C295-0899-4C48-9DCA-5F39A8800862}" = protocol=6 | dir=in | app=c:\windows\system32\spoolsv.exe |
"{6482ECD8-DE8F-4180-AB11-8DF61BCCD9E8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{68D54EBB-2E5B-44A1-9B86-6B4EF30D426C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6989FED3-F76D-46DC-9C87-2F152F27FC98}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{6E1E0729-6B3C-47E6-9150-DD870C845467}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7193DA24-450F-495D-BFBC-A9E1EFED97D1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{78CFD9DC-48D9-4268-B191-63582F3F7EED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{79C71B13-04E8-453F-94BD-82F1B6136B9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7BA14482-4490-47C6-A014-AF05210CD657}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{81B5A47D-5E70-4A33-BA70-8367D9CB147B}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{8F0CA7E2-5B66-4E66-B922-3601E0D69F68}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{92CD2E61-BB7D-4068-98F2-33DC08E51701}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{934D0AC3-FE55-4340-9C7E-8C34C8ACB0B5}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{96B87A12-D29C-4ACB-A048-3CF749B4CE21}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9EF27640-6ABD-4260-AFFC-A5FF1259C31F}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{B0C1ED44-BD3C-4CA8-B7C4-C9B5AEADE168}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{B155B1EF-127B-4DE3-B05D-968F9B3B5F03}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{BED249D5-546D-4663-882D-28CA9ED87B94}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BFB00B26-95B8-4DCF-8E36-086876BAC94A}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{C0FB8B55-836B-4123-A61D-D913154387E8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CF7F6C66-FD96-4D10-9745-8C43F10523C0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CFB64A75-B644-4383-8E88-55AE3F41C32C}" = protocol=6 | dir=out | app=system |
"{DA71E547-2B39-4CF9-9156-64A68B488862}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA2972D3-F88C-48D4-89EB-20D12727C2AA}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{EA40B68D-84B8-46A3-AFA3-5BA14DF7C353}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{F28066EC-F6A1-4E0C-AAED-EBD6E06E1220}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F85E1F7E-3870-4582-B629-04F6717A4D43}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{FACD16DF-AF00-4338-A6CE-687B6B0CA8DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FFBFA1C0-0876-4554-9CAC-428BA63ACD54}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{FFF0176A-DD75-4F01-B813-9BCF26B98E45}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{1FE4F064-5C25-42EC-A3AE-541B28051014}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5F00F56D-28B2-4507-B2FF-6ECDAF433E6A}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{6E1AD898-EBAC-449F-884A-F3E5A9A8A751}C:\program files\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{CCEFB453-EA15-4AF1-A9CD-3803EAA9D9A0}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=6 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe |
"UDP Query User{49BD85C8-0B4F-4DEE-89C0-912B58BF9D99}C:\program files\real alternative\media player classic\mplayerc.exe" = protocol=17 | dir=in | app=c:\program files\real alternative\media player classic\mplayerc.exe |
"UDP Query User{7B968FAA-AE13-4C25-9B00-0F7515688E62}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{9F8FC41A-2CCC-4DC6-80FD-0142C50DFF38}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02F6993D-B763-4F40-8F93-2A9CD97586E3}" = Microsoft IntelliType Pro 6.3
"{0323CB96-221A-4042-84A3-93EDE47099FC}" = AVG 2011
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software 1.14.17.1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{1A258E63-8DF5-4ADB-9832-38A0121D65EB}" = AVG 2011
"{1D643CD4-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 H2
"{3818E081-EAA2-012B-AD94-000000000000}" = TurboTax 2009 WinBizFedFormset
"{3830D551-EAA2-012B-AD9A-000000000000}" = TurboTax 2009 WinBizReleaseEngine
"{383CBC31-EAA2-012B-AD9D-000000000000}" = TurboTax 2009 WinBizTaxSupport
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3C5A81D1-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{46E1B1F2-A279-4356-9B17-029F9CC72EAE}" = Brother MFL-Pro Suite
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66A9D30D-1464-4C7F-B2F3-507DADAF2595}" = Microsoft IntelliPoint 6.3
"{672D0014-71A9-45EF-B10E-DEF7426961A6}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11
"{809987B2-F964-11D4-A1A5-00104BD190B1}" = QuickBooks Basic 2002
"{812FF41B-6870-2964-2572-379477CEDA97}" = easy gadget
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846DDADA-0239-4B67-A6B1-33658863793B}" = HPTCSSetup
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8CCD293C-0563-4EB0-BFAF-F279B61A6F32}" = ClearPlay Easy Updates
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ULTIMATER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ULTIMATER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ULTIMATER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ULTIMATER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ULTIMATER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002E-0000-0000-0000000FF1CE}_ULTIMATER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95ED1AC3-DF2A-4719-B029-909C0875CD8F}" = Creative Memories StoryBook Creator Plus 3
"{96384578-C6A2-4EC6-92CD-B62A60713040}" = Microsoft Live Search Toolbar
"{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{A3C7B70F-E60A-4429-B0EF-D5289EF89C5B}" = Creative Memories StoryBook Creator Plus
"{A75786C7-3B59-47D9-AC50-EAC910355FC3}" = Advantage Cooking!
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D88AE807-6177-11D4-A527-0004AC5DECB4}" = Earobics Step 1 Home
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{ECD5B8F0-84AE-4347-9365-9D793A99B701}" = REA's TESTware for the FTCE Elementary Ed
"{F0681859-D086-4384-B204-386FA7D80A5B}" = SplashShopper
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF8157AA-F640-45BD-B7C2-BAA1016B267A}" = palmOne
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advantage Cooking! 2.0" = Advantage Cooking! 2.0
"AI RoboForm" = AI RoboForm (All Users)
"Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"AVG" = AVG 2011
"CANONIJPLM100" = PIXMA Extended Survey Program
"Chapura PocketCopy Uninstall_is1" = Chapura PocketCopy 2.1.3
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Creative Lettering Combo" = Creative Lettering Combo
"Creative OA004" = Integrated Webcam Driver (1.00.03.0720)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Stylus NX400 Series" = EPSON Stylus NX400 Series Printer Uninstall
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{99B366B0-76B6-4DBA-95A3-A730015A7D01}" = MasterCook Deluxe 9
"InstallShield_{A75786C7-3B59-47D9-AC50-EAC910355FC3}" = Advantage Cooking!
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Musicnotes Combined Installer_is1" = Musicnotes Software Suite 1.4.2
"Ready32" = Fisher~Price® Ready For School
"RealAlt_is1" = Real Alternative 2.0.1
"Revo Uninstaller" = Revo Uninstaller 1.90
"ScienceMatrix_Pre-Release_Version_1.0" = ScienceMatrix Demo v1.05 Demo Version 1.05
"SFlyStudio" = Shutterfly Studio
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2009" = TurboTax 2009
"TurboTax Business 2009" = TurboTax Business 2009
"ULTIMATER" = Microsoft Office Ultimate 2007
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon Kindle For PC" = Amazon Kindle For PC v1.1
"Smilebox" = Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/28/2010 9:31:28 PM | Computer Name = Mom-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 47518

Error - 8/28/2010 9:31:29 PM | Computer Name = Mom-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/28/2010 9:31:29 PM | Computer Name = Mom-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 48532

Error - 8/28/2010 9:31:29 PM | Computer Name = Mom-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 48532

Error - 8/28/2010 9:31:30 PM | Computer Name = Mom-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/28/2010 9:31:30 PM | Computer Name = Mom-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 49530

Error - 8/28/2010 9:31:30 PM | Computer Name = Mom-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 49530

Error - 8/28/2010 9:31:31 PM | Computer Name = Mom-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 8/28/2010 9:31:31 PM | Computer Name = Mom-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 50529

Error - 8/28/2010 9:31:31 PM | Computer Name = Mom-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 50529

[ OSession Events ]
Error - 8/29/2009 10:25:14 PM | Computer Name = Mom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/29/2009 10:25:24 PM | Computer Name = Mom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 24
seconds with 0 seconds of active time. This session ended with a crash.

Error - 8/29/2009 10:25:41 PM | Computer Name = Mom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/1/2009 10:22:45 PM | Computer Name = Mom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/11/2009 2:51:01 PM | Computer Name = Mom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/22/2009 4:33:40 PM | Computer Name = Mom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/25/2009 5:58:42 PM | Computer Name = Mom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 13
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/25/2009 5:59:39 PM | Computer Name = Mom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/12/2009 2:47:01 PM | Computer Name = Mom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
seconds with 0 seconds of active time. This session ended with a crash.

Error - 10/12/2009 2:47:42 PM | Computer Name = Mom-Laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 11/1/2010 4:47:49 PM | Computer Name = Mom-Laptop | Source = BROWSER | ID = 8032
Description =

Error - 11/2/2010 8:35:00 AM | Computer Name = Mom-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/2/2010 9:33:29 AM | Computer Name = Mom-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/2/2010 10:03:44 AM | Computer Name = Mom-Laptop | Source = BROWSER | ID = 8032
Description =

Error - 11/2/2010 4:33:08 PM | Computer Name = Mom-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 4:31:14 PM on 11/2/2010 was unexpected.

Error - 11/2/2010 4:34:39 PM | Computer Name = Mom-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/2/2010 7:26:47 PM | Computer Name = Mom-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/3/2010 10:03:37 PM | Computer Name = Mom-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/5/2010 6:39:08 AM | Computer Name = Mom-Laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 11/5/2010 8:18:35 AM | Computer Name = Mom-Laptop | Source = Service Control Manager | ID = 7000
Description =


< End of report >
lmeahl
Regular Member
 
Posts: 20
Joined: October 14th, 2010, 11:10 am

Re: epoclick.com virus?

Unread postby askey127 » November 5th, 2010, 11:40 am

imeahl,
----------------------------------------------
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    [2010/10/22 16:59:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    2010/10/22 16:58:34 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{4A03706F-666A-4037-7777-5F2748764D10}" =-
    
    :Files
    C:\Windows\System32\deployJava1.dll
    C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    C:/Windows/Java/classes/xmldso.cab
    
    :Commands
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

De0ending on the results, this may be enough to enable installation of the new Java.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: epoclick.com virus?

Unread postby lmeahl » November 5th, 2010, 3:19 pm

Ok, here's the new log:

OTL logfile created on: 11/5/2010 3:14:40 PM - Run 2
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\Linda Meahl\Desktop\Computer Maintenance
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 287.21 Gb Total Space | 144.08 Gb Free Space | 50.17% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 1.81 Gb Free Space | 16.63% Space Free | Partition Type: NTFS

Computer Name: MOM-LAPTOP | User Name: Linda Meahl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/05 08:14:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Linda Meahl\Desktop\Computer Maintenance\OTL.exe
PRC - [2010/10/17 13:43:38 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/11 12:58:12 | 000,725,072 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/10/06 17:24:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/06 17:24:36 | 001,065,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/06 17:24:08 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/05 00:52:54 | 000,304,448 | ---- | M] (Smilebox, Inc.) -- C:\Users\Linda Meahl\AppData\Roaming\Smilebox\SmileboxTray.exe
PRC - [2010/09/18 12:50:08 | 000,095,744 | ---- | M] () -- C:\Program Files\easy gadget\easy gadget.exe
PRC - [2010/09/15 05:29:10 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/09/07 03:50:22 | 001,047,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 13:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/10/09 10:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/05/06 20:50:40 | 002,500,096 | ---- | M] () -- C:\Program Files\Shutterfly\Studio\Bin\SFlyStudio.exe
PRC - [2008/01/31 14:01:38 | 000,159,744 | R--- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe
PRC - [2007/11/09 20:51:40 | 000,540,672 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2007/11/05 21:34:58 | 000,741,376 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2007/10/11 19:03:10 | 000,029,984 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2007/04/13 11:49:00 | 000,101,528 | ---- | M] () -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe
PRC - [2004/06/09 14:16:08 | 000,471,040 | ---- | M] (PalmSource, Inc) -- C:\Program Files\palmOne\Hotsync.exe
PRC - [2003/06/18 13:00:00 | 000,200,704 | ---- | M] (Microsoft Corp.) -- C:\Program Files\microsoft money\System\mnyexpr.exe


========== Modules (SafeList) ==========

MOD - [2010/11/05 08:14:08 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Linda Meahl\Desktop\Computer Maintenance\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/10/11 12:58:12 | 006,104,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/09/10 01:45:22 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/08/13 12:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/23 13:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/10/06 12:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/04/13 11:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)


========== Driver Services (SafeList) ==========

DRV - [2010/09/13 16:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:49:00 | 000,298,448 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 21:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 21:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 21:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2009/06/09 20:37:48 | 000,016,694 | ---- | M] (PalmSource, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2009/05/19 15:52:20 | 001,166,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009/04/23 11:33:34 | 000,064,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/10/23 06:05:13 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/10/23 06:05:13 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/10/23 06:05:13 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/07/17 18:01:00 | 000,269,760 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Vid.sys -- (OA004Vid)
DRV - [2008/07/06 16:15:24 | 002,378,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/06/29 10:52:26 | 000,112,128 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R)
DRV - [2008/06/10 16:04:26 | 000,033,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2008/06/10 14:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/06/05 12:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/06/03 10:30:24 | 000,144,672 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\OA004Ufd.sys -- (OA004Ufd)
DRV - [2008/04/17 14:05:16 | 000,199,344 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/10/31 21:51:26 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/10/31 21:47:54 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/10/31 21:47:08 | 000,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/10/17 19:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 20:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/12/12 11:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIf.sys -- (BrSerIf)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerId.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Search Assistant = http://www.seekseek.com/quicksearch.asp?keyphrase=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://bing.zugo.com/?cfg=2-76-0-TXZm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Swag Bucks Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://mail.google.com/mail/?shva=1#"
FF - prefs.js..extensions.enabledItems: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.10.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}:0.9.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.6
FF - prefs.js..keyword.URL: "https://www.mypoints.com/emp/u/mysearch.vm?st=mypWeb&fctb.dns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2010/07/14 13:36:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/10/25 09:12:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 19:40:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/05 15:09:27 | 000,000,000 | ---D | M]

[2010/07/15 16:14:38 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Extensions
[2010/07/15 16:14:38 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Extensions\IMVUClientXUL@imvu.com
[2010/11/05 09:40:35 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions
[2010/08/21 19:01:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/07/15 18:08:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/14 23:57:56 | 000,000,000 | ---D | M] (Google Analytics Opt-out Browser Add-on) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{6d96bb5e-1175-4ebf-8ab5-5f56f1c79f65}
[2010/08/20 07:32:02 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2010/08/20 07:32:06 | 000,000,000 | ---D | M] (Swag Bucks Toolbar) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2010/08/20 07:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\mac\mozapps\extensions
[2010/08/20 07:32:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2010/04/21 10:01:12 | 000,001,836 | ---- | M] () -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\searchplugins\bing-ff.xml
[2010/01/20 13:15:44 | 000,000,923 | ---- | M] () -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\searchplugins\conduit.xml
[2010/01/23 09:21:40 | 000,004,779 | ---- | M] () -- C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Profiles\1b94f4nf.default\searchplugins\web-search.xml
[2010/11/05 15:09:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/10 12:51:05 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe ()
O4 - HKCU..\Run: [SmileboxTray] C:\Users\Linda Meahl\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - Startup: C:\Users\Linda Meahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClearPlay Easy Updates.lnk = C:\Program Files\ClearPlay\ClearPlay Easy Updates\ClearPlayEasyUpdates.exe (ClearPlay Inc.)
O4 - Startup: C:\Users\Linda Meahl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\easy gadget.lnk = C:\Program Files\easy gadget\easy gadget.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: MasterCook: Select Image - C:\Program Files\mastercook 9\Web\MCIEContext.hta ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: ([]msn in Computer)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Users\Linda Meahl\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2d3a4957-04e2-11de-a197-001f165fc987}\Shell\AutoRun\command - "" = F:\ClearPlayEasyUpdates.exe -- File not found
O33 - MountPoints2\{6b47fda9-f941-11de-b0a7-001f165fc987}\Shell\AutoRun\command - "" = .\Encryption Tool\MaxtorEncryption.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/05 08:15:45 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/03 19:40:07 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/11/03 19:38:56 | 001,068,528 | ---- | C] (Coupons.com Incorporated) -- C:\Users\Linda Meahl\Desktop\couponprinter(2).exe
[2010/11/03 19:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010/10/27 09:15:13 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\AppData\Roaming\Auslogics
[2010/10/27 08:44:38 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\AppData\Roaming\ParetoLogic
[2010/10/27 08:44:38 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\AppData\Roaming\DriverCure
[2010/10/27 08:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic
[2010/10/23 09:22:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\AVG
[2010/10/22 16:59:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/10/21 09:19:02 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\Documents\My Kindle Content
[2010/10/21 09:18:54 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\AppData\Local\Amazon
[2010/10/20 08:18:36 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\AppData\Roaming\AVG10
[2010/10/20 08:08:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010/10/20 08:07:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010/10/20 07:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\avg8
[2010/10/20 07:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/10/18 16:54:55 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\Desktop\HijackThis
[2010/10/17 13:54:08 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/10/17 13:54:08 | 000,000,000 | ---D | C] -- C:\rsit
[2010/10/15 21:38:52 | 000,000,000 | ---D | C] -- C:\Users\Linda Meahl\AppData\Roaming\Malwarebytes
[2010/10/15 21:35:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/15 21:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/15 21:35:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/15 21:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/14 09:58:05 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[3 C:\Users\Linda Meahl\Documents\*.tmp files -> C:\Users\Linda Meahl\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/05 15:17:42 | 000,640,816 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/05 15:17:42 | 000,119,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/05 15:14:00 | 000,000,220 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2010/11/05 15:12:24 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/05 15:11:49 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 15:11:49 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/05 15:11:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/05 15:11:01 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/05 14:19:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/05 09:28:54 | 098,518,165 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/05 09:26:49 | 000,000,000 | ---- | M] () -- C:\Users\Linda Meahl\AppData\Local\prvlcl.dat
[2010/11/04 21:06:38 | 015,949,824 | ---- | M] () -- C:\Users\Linda Meahl\Documents\Our Money.mny
[2010/11/04 17:27:53 | 000,075,264 | ---- | M] () -- C:\Users\Linda Meahl\Desktop\SystemLook.exe
[2010/11/04 17:22:56 | 017,965,728 | R--- | M] () -- C:\Users\Linda Meahl\Documents\Our Money Backup.mbf
[2010/11/03 19:38:58 | 001,068,528 | ---- | M] (Coupons.com Incorporated) -- C:\Users\Linda Meahl\Desktop\couponprinter(2).exe
[2010/11/03 19:26:16 | 000,000,426 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/11/03 07:52:12 | 004,089,184 | R--- | M] () -- C:\Users\Linda Meahl\Documents\Kids - Allowance Backup.mbf
[2010/11/03 07:52:12 | 004,087,808 | ---- | M] () -- C:\Users\Linda Meahl\Documents\Kids - Allowance.mny
[2010/11/02 19:40:30 | 014,845,413 | ---- | M] () -- C:\Users\Linda Meahl\Desktop\Belkin Router Manual.pdf
[2010/11/02 19:31:10 | 000,030,744 | ---- | M] () -- C:\Users\Linda Meahl\Documents\Belkin Network Security code.rtf
[2010/11/02 16:32:53 | 567,093,974 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/30 20:17:46 | 000,002,677 | ---- | M] () -- C:\Users\Linda Meahl\Desktop\Launch ClearPlay Easy Updates.lnk
[2010/10/29 08:44:09 | 000,027,136 | ---- | M] () -- C:\Users\Linda Meahl\Documents\Proverb of the Day.doc
[2010/10/28 09:44:45 | 000,000,790 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/22 16:54:22 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/21 21:35:29 | 000,000,076 | ---- | M] () -- C:\Windows\AssistantWizard.INI
[2010/10/21 09:18:57 | 000,002,138 | ---- | M] () -- C:\Users\Linda Meahl\Desktop\Kindle For PC.lnk
[2010/10/16 22:39:10 | 000,482,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/16 13:55:49 | 004,231,168 | ---- | M] () -- C:\Users\Linda Meahl\Documents\Rental-Colleen.mny
[2010/10/16 13:55:49 | 004,208,000 | R--- | M] () -- C:\Users\Linda Meahl\Documents\Rental-Colleen Backup.mbf
[2010/10/07 17:15:11 | 000,011,264 | ---- | M] () -- C:\Users\Linda Meahl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[3 C:\Users\Linda Meahl\Documents\*.tmp files -> C:\Users\Linda Meahl\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/05 09:28:54 | 098,518,165 | ---- | C] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/11/04 17:27:52 | 000,075,264 | ---- | C] () -- C:\Users\Linda Meahl\Desktop\SystemLook.exe
[2010/11/02 19:40:21 | 014,845,413 | ---- | C] () -- C:\Users\Linda Meahl\Desktop\Belkin Router Manual.pdf
[2010/11/02 19:10:22 | 000,030,744 | ---- | C] () -- C:\Users\Linda Meahl\Documents\Belkin Network Security code.rtf
[2010/10/23 09:23:38 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/10/22 16:54:22 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/10/21 17:34:43 | 000,000,076 | ---- | C] () -- C:\Windows\AssistantWizard.INI
[2010/10/21 09:18:57 | 000,002,138 | ---- | C] () -- C:\Users\Linda Meahl\Desktop\Kindle For PC.lnk
[2010/10/19 19:22:59 | 000,000,766 | ---- | C] () -- C:\Windows\System\CRIcon.ico
[2010/10/15 22:56:06 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/07 23:30:31 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/03/04 11:44:59 | 000,000,292 | ---- | C] () -- C:\Windows\KA.INI
[2009/12/09 14:14:10 | 000,000,000 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\prvlcl.dat
[2009/11/16 16:26:05 | 000,004,096 | -H-- | C] () -- C:\Users\Linda Meahl\AppData\Local\keyfile3.drm
[2009/09/12 08:33:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/08 19:42:20 | 000,000,099 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\fusioncache.dat
[2009/08/03 20:08:34 | 000,017,562 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Roaming\UserTile.png
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/23 18:03:11 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2009/07/23 18:01:45 | 000,000,739 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2009/07/23 18:01:45 | 000,000,093 | ---- | C] () -- C:\Windows\brpcfx.ini
[2009/07/23 17:58:03 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2009/07/23 17:57:33 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2009/07/23 17:57:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2009/07/23 17:55:32 | 000,031,567 | ---- | C] () -- C:\Windows\maxlink.ini
[2009/07/16 19:57:16 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
[2009/07/14 08:58:11 | 000,005,972 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\d3d9caps.dat
[2009/05/13 22:33:26 | 000,000,000 | ---- | C] () -- C:\Windows\QuickInstall.INI
[2009/03/04 12:44:41 | 000,000,021 | ---- | C] () -- C:\ProgramData\hpqp.txt
[2009/02/16 23:07:13 | 000,000,000 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\FnF4.txt
[2009/02/11 22:18:59 | 000,011,264 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/09 19:28:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/02/09 19:25:48 | 000,000,044 | ---- | C] () -- C:\Windows\EPSNX400.ini
[2009/02/08 17:25:16 | 000,000,058 | ---- | C] () -- C:\Windows\System32\EAL32.INI
[2009/02/07 22:03:22 | 000,000,025 | ---- | C] () -- C:\Windows\EPR220.ini
[2009/02/07 21:41:35 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/07 19:41:41 | 000,000,000 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\QSwitch.txt
[2009/02/07 19:41:41 | 000,000,000 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\DSwitch.txt
[2009/02/07 19:41:41 | 000,000,000 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Local\AtStart.txt
[2009/01/08 01:38:34 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/01/08 01:38:26 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/01/08 01:38:02 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/01/08 01:37:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/01/08 01:35:42 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/01/08 01:35:12 | 000,000,220 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2008/10/23 06:50:32 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2008/10/23 06:46:14 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2008/10/23 06:44:45 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2008/10/23 06:43:42 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/07/06 16:29:46 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1518.dll
[2008/06/29 10:52:14 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 05:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/10/18 10:56:53 | 000,001,648 | ---- | C] () -- C:\Users\Linda Meahl\AppData\Roaming\Access10.pip

========== LOP Check ==========

[2009/12/23 12:30:43 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\Amazon
[2010/06/20 13:23:07 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\Ashampoo
[2010/10/27 09:15:27 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\Auslogics
[2010/10/20 08:18:36 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\AVG10
[2009/08/08 19:40:20 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\ClearPlay Inc
[2009/03/08 21:29:05 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/27 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\DriverCure
[2010/08/10 12:51:06 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\E-centives
[2010/08/21 20:16:54 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\GARMIN
[2009/02/11 09:49:05 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\HotSync
[2010/02/23 10:02:49 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\iShell
[2009/02/09 19:33:36 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\Leadertech
[2009/11/02 09:51:42 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\OLYMPUS
[2010/10/27 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\ParetoLogic
[2010/05/18 08:42:22 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\PC-FAX TX
[2009/08/03 20:08:33 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\PeerNetworking
[2009/08/05 09:51:59 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\ScanSoft
[2009/02/11 22:16:01 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\Shutterfly
[2010/11/02 10:54:21 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\Smilebox
[2010/07/15 16:15:44 | 000,000,000 | ---D | M] -- C:\Users\Linda Meahl\AppData\Roaming\Vivox
[2010/11/05 15:09:45 | 000,032,644 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\Temp:4FA486F6

< End of report >
lmeahl
Regular Member
 
Posts: 20
Joined: October 14th, 2010, 11:10 am

Re: epoclick.com virus?

Unread postby askey127 » November 6th, 2010, 8:14 am

imeahl,
As long as you are using Swag Bucks, and various coupon and cost saving toolbars, your machine may be unpredictable doing searches, etc.

I would attempt to install Java now:
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 22 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Right click the Installer on your desktop and choose "Run as administrator", and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: epoclick.com virus?

Unread postby lmeahl » November 6th, 2010, 11:09 am

I attempted to do as you instructed. When it is "installing" I am still getting a pop-up box entitled Java Setup that says "This software has already been installed on your computer. Would you like to reinstall it?" If I click "yes", I get a Windows Installer pop-up box that says "This action is only valid for products that are currently installed." Just like before.
lmeahl
Regular Member
 
Posts: 20
Joined: October 14th, 2010, 11:10 am

Re: epoclick.com virus?

Unread postby askey127 » November 6th, 2010, 3:24 pm

Imeahl,
This is a problem with the Windows Installer.
Microsoft knows about it, and used to provide, until recently, a "Windows Installer Cleanup utility".
It is no longer offered, for whatever reason. There are probably other ways to fix this, but I am not familiar enough with that part of the system.

You will need to post about it on a Systems/Hardware forum, where they specialize in that kind of thing.
It's a bit far afield for us at MWR.
I think your machine is clean, and free of malware.
---------------------------------------------------------
Good System/Hardware Help Forums
NutNWorks here: http://www.nutnworks.com/forums/forumdisplay.php?f=60
or
GeekstoGo here: http://www.geekstogo.com/forum/Windows-XP-2000-2003-NT-f5.html
GeekstoGo here for Vista/Windows 7: http://www.geekstogo.com/forum/Windows-Vista-Windows-7-f79.html
or
Computer Trouble here: http://forum.computertrouble.co.uk/index.php
or
TechSupportGuy here : http://forums.techguy.org/21-windows-nt-2000-xp/
or
Security Cadets PC and software help Section at : http://forum.securitycadets.com/

All may require you to register free before posting for help.

You can tell them MWR thinks the machine is clean, and then re-quote your last post about how the Java installer behaves.
Good Luck,
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: epoclick.com virus?

Unread postby lmeahl » November 6th, 2010, 3:37 pm

Thanks so much for your help. I'll try one of these.
Linda
lmeahl
Regular Member
 
Posts: 20
Joined: October 14th, 2010, 11:10 am

Re: epoclick.com virus?

Unread postby askey127 » November 6th, 2010, 4:20 pm

Since the Remaining Issues appear to be outside the purview of this forum, this thread will be closed.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 579 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware