
yragha
I'M Stuck In The 80's
Premium
join:2002-05-08
Pasadena, TX

Here are my logs as instructed...

First off, a short explanation as to why I'm posting here and requesting your insight.

On 12/20 Norton found overlay.xul (Trojan.Zefarch). On 12/27 my Hotmail account seemed to be hacked (I hear this is a regular occurrence after googling the topic but I digress) and I received an email from one of my contacts (I read it, but didn't click on the link *I know better*). Then I checked my SENT folder and there was an email in that box supposedly from me but I didn't send it as I was at work at the time. I did change my password to something different even though I thought the old one would stand up. HENCE, the reason I'm here now to check....

Let me say I run Malwarebytes, SuperAntiSpyware and Norton religiously and neither finds anything.

Your help would be appreciated. I now post my logs - *THANK YOU*


Malwarebytes Anti-Malware (PRO) 1.60.0.1800
www.malwarebytes.org

Database version: v2011.12.29.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
yragha :: XXXXX-PC [administrator]

Protection: Enabled

12/29/2011 8:55:50 AM
mbam-log-2011-12-29 (08-55-50).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 334774
Time elapsed: 57 minute(s), 41 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

------------------------------------------------------------------

OTL logfile created on: 12/29/2011 10:10:20 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xxxxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.12% Memory free
4.23 Gb Paging File | 3.07 Gb Available in Paging File | 72.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 238.42 Gb Free Space | 82.77% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.37 Gb Free Space | 63.69% Space Free | Partition Type: NTFS

Computer Name: XXXXX-PC | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011/12/28 22:14:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\yragha\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/20 06:36:14 | 000,053,248 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files\MediaMall\PlayOn.exe
PRC - [2011/12/20 06:36:05 | 005,424,504 | ---- | M] (MediaMall Technologies, Inc.) -- C:\Program Files\MediaMall\MediaMallServer.exe
PRC - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2011/08/10 14:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccsvchst.exe
PRC - [2011/07/25 09:22:20 | 010,866,773 | ---- | M] (Logitech Inc.) -- C:\Program Files\Squeezebox\server\SqueezeSvr.exe
PRC - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/04/11 00:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/18 06:01:26 | 000,195,032 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2006/11/18 06:00:48 | 000,550,872 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2006/11/18 06:00:06 | 000,174,552 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2006/11/18 05:59:38 | 000,081,880 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2006/11/18 05:59:02 | 000,032,216 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2006/11/03 16:07:04 | 000,537,480 | ---- | M] ( ) -- C:\Windows\System32\dlcxcoms.exe
PRC - [2006/10/29 08:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011/10/13 02:26:10 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll
MOD - [2011/10/13 02:23:55 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/13 02:23:45 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/13 02:22:51 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 02:22:44 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2009/02/25 15:34:55 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/20 06:36:05 | 005,424,504 | ---- | M] (MediaMall Technologies, Inc.) [Auto | Running] -- C:\Program Files\MediaMall\MediaMallServer.exe -- (MediaMall Server)
SRV - [2011/08/11 17:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/08/10 14:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ccSvcHst.exe -- (NIS)
SRV - [2011/07/25 09:22:20 | 010,866,773 | ---- | M] () [Auto | Running] -- C:/PROGRA~1/SQUEEZ~2/server/SqueezeSvr.exe -- (squeezesvc)
SRV - [2011/03/13 11:45:14 | 000,148,520 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2010/08/24 17:02:08 | 001,104,656 | ---- | M] (TiVo Inc.) [Disabled | Stopped] -- C:\Program Files\TiVo\Desktop\TiVoBeacon.exe -- (TivoBeacon2)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/01/19 01:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/01/04 15:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/18 06:01:26 | 000,195,032 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel(R)
SRV - [2006/11/18 06:00:48 | 000,550,872 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel(R)
SRV - [2006/11/18 06:00:06 | 000,174,552 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel(R)
SRV - [2006/11/18 05:59:38 | 000,081,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel(R)
SRV - [2006/11/18 05:59:02 | 000,032,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel(R) Viiv(TM)
SRV - [2006/11/07 12:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/03 16:07:04 | 000,537,480 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\dlcxcoms.exe -- (dlcx_device)
SRV - [2006/10/29 08:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/29 11:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011/12/20 16:56:43 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111229.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/12/20 16:56:43 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/20 16:56:43 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/12/20 16:56:43 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20111229.002\NAVENG.SYS -- (NAVENG)
DRV - [2011/12/20 16:48:37 | 000,127,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/12/19 03:46:10 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20111228.001\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/13 19:36:04 | 000,021,744 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc.pkms -- (PCDSRVC{E9D79540-57D5953E-06020101}_0)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/12/10 02:24:18 | 000,819,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20111221.003\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/09/26 18:38:08 | 000,897,656 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1302000.00A\SYMEFA.SYS -- (SymEFA)
DRV - [2011/08/08 17:38:11 | 000,132,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1302000.00A\ccSetx86.sys -- (ccSet_NIS)
DRV - [2011/08/02 20:22:10 | 000,566,904 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1302000.00A\SRTSP.SYS -- (SRTSP)
DRV - [2011/08/02 20:22:10 | 000,031,864 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1302000.00A\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/07/26 18:51:01 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/07/25 20:18:39 | 000,344,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1302000.00A\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/07/25 20:15:51 | 000,149,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1302000.00A\Ironx86.SYS -- (SymIRON)
DRV - [2011/07/25 12:18:36 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1302000.00A\SYMDS.SYS -- (SymDS)
DRV - [2011/07/22 10:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 15:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/13 11:20:10 | 000,459,728 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/03/13 11:20:10 | 000,118,784 | ---- | M] (McAfee, Inc.) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/02/07 15:02:14 | 000,023,920 | ---- | M] (MediaMall Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\povrtdev.sys -- (msvad_simple)
DRV - [2009/02/25 16:59:51 | 004,385,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2009/02/25 16:59:51 | 004,385,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/01/18 22:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007/04/03 11:12:27 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/02/07 23:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/18 06:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/10/19 14:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/27 15:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)
DRV - [2006/08/17 14:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = »att.my.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "AOL Search"
FF - prefs.js..browser.search.defaulturl: "http://search.aol.com/aolcom/search?invocationType=tb50-ff-aolradio-chromesbox-en-us&query="
FF - prefs.js..browser.search.selectedEngine: "Secure Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 7
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=mcafee&p="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.69: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.0: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\yragha\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine: C:\Users\yragha\AppData\Roaming\nprhapengine.dll File not found
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\yragha\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/16 13:33:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2011/12/20 17:04:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2011/12/29 08:48:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/12/25 15:48:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/12/25 15:48:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Users\yragha\AppData\Roaming\Move Networks [2009/11/06 17:07:16 | 000,000,000 | ---D | M]

[2009/04/06 16:14:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yragha\AppData\Roaming\Mozilla\Extensions
[2011/12/28 17:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yragha\AppData\Roaming\Mozilla\Firefox\Profiles\9l46f4yh.default\extensions
[2011/03/03 11:52:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\yragha\AppData\Roaming\Mozilla\Firefox\Profiles\9l46f4yh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/03/24 07:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\yragha\AppData\Roaming\Mozilla\Firefox\Profiles\9l46f4yh.default\extensions\nostmp
[2011/12/21 07:40:18 | 000,002,464 | ---- | M] () -- C:\Users\yragha\AppData\Roaming\Mozilla\Firefox\Profiles\9l46f4yh.default\searchplugins\safesearch.xml
[2011/12/21 07:22:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/29 08:48:00 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\COFFPLGN
[2011/12/20 17:04:18 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN
[2011/12/23 14:52:09 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/11/19 16:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/19 04:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/19 16:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2007/04/16 11:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2011/03/24 07:10:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/17 10:49:48 | 000,002,024 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2011/11/09 10:11:14 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 15:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\19.2.0.10\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [DLCXCATS] C:\Windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.DLL ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [PlayOn] C:\Program Files\MediaMall\PlayOn.exe (MediaMall Technologies, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} »java.sun.com/update/1.6.0/jinsta···i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7FBA786-E93E-497E-9553-FFD73D4B9F23}: DhcpNameServer = 75.75.76.76 75.75.75.75
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Users\yragha\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\yragha\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011/12/28 22:14:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\yragha\Desktop\OTL.exe
[2011/12/28 22:13:55 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\yragha\Desktop\TFC.exe
[2011/12/28 16:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\RoboForm
[2011/12/28 10:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 10:54:58 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/26 18:45:18 | 000,035,960 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SymIMV.sys
[2011/12/25 15:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/25 15:53:31 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/25 15:49:18 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/25 15:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/12/25 15:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/12/25 15:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/12/20 16:55:56 | 000,897,656 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1302000.00A\symefa.sys
[2011/12/20 16:55:56 | 000,344,184 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1302000.00A\symtdiv.sys
[2011/12/20 16:55:56 | 000,340,088 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1302000.00A\symds.sys
[2011/12/20 16:55:56 | 000,314,488 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1302000.00A\symnets.sys
[2011/12/20 16:55:56 | 000,031,864 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1302000.00A\srtspx.sys
[2011/12/20 16:55:55 | 000,566,904 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1302000.00A\srtsp.sys
[2011/12/20 16:55:55 | 000,149,624 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1302000.00A\ironx86.sys
[2011/12/20 16:55:55 | 000,132,744 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NIS\1302000.00A\ccsetx86.sys
[2011/12/20 16:55:38 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS\1302000.00A
[2011/12/20 16:48:37 | 000,127,096 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/12/20 16:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011/12/20 16:48:37 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/12/20 16:46:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NIS
[2011/12/20 16:46:23 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2011/12/20 16:46:22 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011/12/20 16:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011/12/20 16:39:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011/12/20 16:39:00 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2011/12/17 10:29:42 | 000,148,520 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
[2011/12/16 19:04:33 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Support Center
[2011/12/14 19:28:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 19:27:59 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 19:27:58 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 19:27:57 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/14 19:27:56 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 19:27:52 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 19:12:29 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 19:12:28 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 19:12:10 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 19:12:09 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 19:12:07 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 19:12:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/12 12:48:40 | 000,000,000 | ---D | C] -- C:\Users\yragha\Documents\gegl-0.0
[2011/11/30 22:25:38 | 000,000,000 | ---D | C] -- C:\Users\yragha\AppData\Roaming\SUPERAntiSpyware.com
[2011/11/30 22:24:42 | 000,000,000 | ---D | C] -- C:\Users\yragha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/11/30 22:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/11/30 22:24:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/11/30 22:11:50 | 013,336,120 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\yragha\SUPERAntiSpyware.exe
[2007/04/11 22:26:36 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\dlcxhcp.dll
[2006/11/03 16:07:06 | 000,385,928 | ---- | C] ( ) -- C:\Windows\System32\dlcxih.exe
[2006/11/03 16:07:04 | 000,537,480 | ---- | C] ( ) -- C:\Windows\System32\dlcxcoms.exe
[2006/11/03 16:07:02 | 000,381,832 | ---- | C] ( ) -- C:\Windows\System32\dlcxcfg.exe
[2006/10/11 17:01:40 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\dlcxpmui.dll
[2006/10/11 16:59:56 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\dlcxserv.dll
[2006/10/11 16:54:10 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomm.dll
[2006/10/11 16:52:34 | 000,585,728 | ---- | C] ( ) -- C:\Windows\System32\dlcxlmpm.dll
[2006/10/11 16:51:16 | 000,397,312 | ---- | C] ( ) -- C:\Windows\System32\dlcxiesc.dll
[2006/10/11 16:48:58 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\dlcxpplc.dll
[2006/10/11 16:48:14 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\dlcxcomc.dll
[2006/10/11 16:47:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\dlcxprox.dll
[2006/10/11 16:41:42 | 000,413,696 | ---- | C] ( ) -- C:\Windows\System32\dlcxinpa.dll
[2006/10/11 16:41:04 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\dlcxusb1.dll
[2006/10/11 16:37:14 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\dlcxhbn3.dll
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011/12/29 10:09:01 | 000,000,512 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f4522a70-b5ab-46a4-bf3c-055168ef0363.job
[2011/12/29 08:47:35 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 08:47:35 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/12/29 08:47:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/12/28 22:15:32 | 000,879,683 | ---- | M] () -- C:\Users\yragha\Desktop\SecurityCheck.exe
[2011/12/28 22:14:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\yragha\Desktop\OTL.exe
[2011/12/28 22:13:56 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\yragha\Desktop\TFC.exe
[2011/12/28 18:20:51 | 000,232,522 | ---- | M] () -- C:\Users\yragha\Documents\12282011no2.reg
[2011/12/28 13:52:05 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/28 10:54:59 | 000,000,892 | ---- | M] () -- C:\Users\yragha\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 02:54:05 | 000,020,334 | ---- | M] () -- C:\Users\yragha\Documents\122811backup.reg
[2011/12/28 01:07:11 | 000,001,798 | ---- | M] () -- C:\Users\yragha\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
[2011/12/26 18:45:18 | 002,251,765 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/12/25 15:45:30 | 000,640,362 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/12/25 15:45:30 | 000,118,614 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/20 16:56:44 | 000,004,782 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/12/20 16:48:37 | 000,127,096 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2011/12/20 16:48:37 | 000,007,510 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/12/20 16:48:37 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/12/18 14:10:03 | 000,000,402 | ---- | M] () -- C:\Windows\tasks\EasyShare Registration Task.job
[2011/12/17 09:21:25 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/14 21:01:31 | 000,328,576 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/12 19:39:01 | 000,023,552 | -H-- | M] () -- C:\Users\yragha\Desktop\photothumb.db
[2011/12/12 13:10:09 | 000,003,298 | ---- | M] () -- C:\Users\yragha\.recently-used.xbel
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/07 23:38:03 | 000,175,653 | ---- | M] () -- C:\Users\yragha\Desktop\BigEastSplash.jpg
[2011/12/05 07:48:01 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/11/30 22:21:30 | 013,336,120 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\yragha\SUPERAntiSpyware.exe
[2011/11/29 13:42:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011/12/28 22:15:32 | 000,879,683 | ---- | C] () -- C:\Users\yragha\Desktop\SecurityCheck.exe
[2011/12/28 18:20:42 | 000,232,522 | ---- | C] () -- C:\Users\yragha\Documents\12282011no2.reg
[2011/12/28 10:54:59 | 000,000,892 | ---- | C] () -- C:\Users\yragha\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2011/12/28 02:53:56 | 000,020,334 | ---- | C] () -- C:\Users\yragha\Documents\122811backup.reg
[2011/12/28 01:07:11 | 000,001,798 | ---- | C] () -- C:\Users\yragha\Application Data\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Professional.lnk
[2011/12/20 17:02:18 | 002,251,765 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\Cat.DB
[2011/12/20 16:59:19 | 000,004,782 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\VT20111023.024
[2011/12/20 16:55:56 | 000,007,877 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\symnetv.cat
[2011/12/20 16:55:56 | 000,007,498 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\symefa.cat
[2011/12/20 16:55:56 | 000,007,496 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\srtspx.cat
[2011/12/20 16:55:56 | 000,007,492 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\symds.cat
[2011/12/20 16:55:56 | 000,007,458 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\symnet.cat
[2011/12/20 16:55:56 | 000,003,433 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\symefa.inf
[2011/12/20 16:55:56 | 000,002,852 | R--- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\symds.inf
[2011/12/20 16:55:56 | 000,001,468 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\symnetv.inf
[2011/12/20 16:55:56 | 000,001,440 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\symnet.inf
[2011/12/20 16:55:56 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\srtspx.inf
[2011/12/20 16:55:55 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\ccsetx86.cat
[2011/12/20 16:55:55 | 000,007,492 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\srtsp.cat
[2011/12/20 16:55:55 | 000,007,492 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\iron.cat
[2011/12/20 16:55:55 | 000,001,389 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\srtsp.inf
[2011/12/20 16:55:55 | 000,000,828 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\ccsetx86.inf
[2011/12/20 16:55:55 | 000,000,742 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\iron.inf
[2011/12/20 16:55:38 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NIS\1302000.00A\isolate.ini
[2011/12/20 16:48:37 | 000,007,510 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2011/12/20 16:48:37 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011/12/16 19:04:41 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/16 19:04:40 | 000,000,506 | ---- | C] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2011/12/12 13:10:09 | 000,003,298 | ---- | C] () -- C:\Users\yragha\.recently-used.xbel
[2011/12/07 23:38:02 | 000,175,653 | ---- | C] () -- C:\Users\yragha\Desktop\BigEastSplash.jpg
[2011/12/05 18:09:50 | 000,000,512 | ---- | C] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f4522a70-b5ab-46a4-bf3c-055168ef0363.job
[2011/12/05 06:18:20 | 000,000,564 | ---- | C] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2010/02/24 20:15:17 | 000,000,120 | ---- | C] () -- C:\Users\yragha\AppData\Local\Mtowobi.dat
[2010/02/24 20:15:17 | 000,000,000 | ---- | C] () -- C:\Users\yragha\AppData\Local\Yburisiji.bin
[2009/07/22 14:32:41 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/22 14:32:41 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/04/26 14:38:00 | 000,000,022 | ---- | C] () -- C:\Users\yragha\AppData\Local\kodakpcd.ini
[2009/04/16 13:34:57 | 000,000,024 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009/04/13 15:21:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/01/08 13:25:27 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/09/24 06:38:14 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/09/04 00:27:47 | 000,870,128 | ---- | C] () -- C:\Users\yragha\AppData\Roaming\mcs.rma
[2008/09/04 00:27:47 | 000,000,004 | ---- | C] () -- C:\Users\yragha\AppData\Roaming\5219EE
[2008/01/04 15:58:50 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/01/04 15:56:24 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/10/01 13:23:01 | 000,002,445 | ---- | C] () -- C:\Windows\checkip.dat
[2007/09/09 22:55:44 | 000,028,672 | ---- | C] () -- C:\Users\yragha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/05/28 12:29:31 | 000,005,154 | ---- | C] () -- C:\Users\yragha\AppData\Roaming\wklnhst.dat
[2007/05/17 09:58:45 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2007/04/11 22:27:02 | 000,045,056 | ---- | C] () -- C:\Windows\System32\DLPRMON.DLL
[2007/04/11 22:27:02 | 000,032,768 | ---- | C] () -- C:\Windows\System32\DLPMONUI.DLL
[2007/04/11 22:26:36 | 000,274,432 | ---- | C] () -- C:\Windows\System32\dlcxinst.dll
[2007/04/05 21:11:00 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2007/04/03 18:53:42 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/04/03 18:53:42 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/07 13:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 06:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:47:37 | 000,328,576 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 04:33:01 | 000,640,362 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,118,614 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/10/28 09:31:44 | 000,344,064 | ---- | C] () -- C:\Windows\System32\dlcxcoin.dll
[2006/10/20 19:07:32 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dlcxinsr.dll
[2006/10/20 19:06:44 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dlcxcur.dll
[2006/10/20 19:03:28 | 000,139,264 | ---- | C] () -- C:\Windows\System32\dlcxjswr.dll
[2006/10/20 18:57:40 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxinsb.dll
[2006/10/20 18:56:52 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dlcxcub.dll
[2006/10/20 18:55:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcu.dll
[2006/10/20 18:54:42 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dlcxins.dll
[2006/10/20 18:48:38 | 000,454,656 | ---- | C] () -- C:\Windows\System32\dlcxutil.dll
[2006/10/20 18:46:42 | 000,188,416 | ---- | C] () -- C:\Windows\System32\dlcxgrd.dll
[2006/09/22 06:42:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dlcxcaps.dll
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/09/06 05:13:14 | 000,073,728 | ---- | C] () -- C:\Windows\System32\dlcxcfg.dll
[2006/08/08 14:58:04 | 000,692,224 | ---- | C] () -- C:\Windows\System32\dlcxdrs.dll
[2006/06/23 08:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2006/04/24 14:09:58 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dlcxvs.dll
[2006/03/19 18:03:04 | 000,061,440 | ---- | C] () -- C:\Windows\System32\dlcxcnv4.dll

[color=#E56717]========== LOP Check ==========[/color]

[2007/04/05 21:12:29 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\acccore
[2011/09/05 13:40:45 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\Amazon
[2011/09/13 22:51:51 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\AVG2012
[2010/12/06 10:40:32 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\BIAS
[2009/07/20 15:40:49 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\eBookPro6
[2011/12/12 13:09:45 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\gtk-2.0
[2010/09/03 22:57:20 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\iScreensaver
[2007/11/06 16:28:41 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\MusicNet
[2008/08/25 16:50:48 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\New Tier
[2011/03/03 11:52:24 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\PCDr
[2011/09/05 07:12:28 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\PhotoScape
[2009/04/26 13:19:41 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\Skinux
[2011/08/12 04:47:10 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\Sony
[2007/05/28 12:29:32 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\Template
[2009/12/27 13:25:58 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\WeatherBug
[2009/03/13 15:19:56 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\WeatherWatcher
[2009/03/22 15:35:28 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\WeatherWatcherLive
[2010/03/22 04:44:16 | 000,000,000 | ---D | M] -- C:\Users\yragha\AppData\Roaming\WinPatrol
[2011/12/18 14:10:03 | 000,000,402 | ---- | M] () -- C:\Windows\Tasks\EasyShare Registration Task.job
[2011/12/05 07:48:01 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
[2011/12/17 09:21:25 | 000,000,564 | ---- | M] () -- C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/29 08:46:12 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/12/29 10:09:01 | 000,000,512 | ---- | M] () -- C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f4522a70-b5ab-46a4-bf3c-055168ef0363.job
[2011/12/28 13:52:05 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\SystemToolsDailyTest.job

[color=#E56717]========== Purity Check ==========[/color]

--
NEVER forget 9/11-01

yragha

OTL Extras logfile created on: 12/29/2011 10:10:20 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\xxxxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.12% Memory free
4.23 Gb Paging File | 3.07 Gb Available in Paging File | 72.60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.04 Gb Total Space | 238.42 Gb Free Space | 82.77% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.37 Gb Free Space | 63.69% Space Free | Partition Type: NTFS

Computer Name: XXXXX-PC | User Name: xxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9000:TCP" = 9000:TCP:*:Enabled:Squeezebox Server 9000 tcp (UI)
"9001:TCP" = 9001:TCP:*:Enabled:Squeezebox Server 9001 tcp (UI)
"9002:TCP" = 9002:TCP:*:Enabled:Squeezebox Server 9002 tcp (UI)
"9003:TCP" = 9003:TCP:*:Enabled:Squeezebox Server 9003 tcp (UI)
"9004:TCP" = 9004:TCP:*:Enabled:Squeezebox Server 9004 tcp (UI)
"9005:TCP" = 9005:TCP:*:Enabled:Squeezebox Server 9005 tcp (UI)
"9006:TCP" = 9006:TCP:*:Enabled:Squeezebox Server 9006 tcp (UI)
"9007:TCP" = 9007:TCP:*:Enabled:Squeezebox Server 9007 tcp (UI)
"9008:TCP" = 9008:TCP:*:Enabled:Squeezebox Server 9008 tcp (UI)
"9009:TCP" = 9009:TCP:*:Enabled:Squeezebox Server 9009 tcp (UI)
"9010:TCP" = 9010:TCP:*:Enabled:Squeezebox Server 9010 tcp (UI)
"9100:TCP" = 9100:TCP:*:Enabled:Squeezebox Server 9100 tcp (UI)
"8000:TCP" = 8000:TCP:*:Enabled:Squeezebox Server 8000 tcp (UI)
"10000:TCP" = 10000:TCP:*:Enabled:Squeezebox Server 10000 tcp (UI)
"9090:TCP" = 9090:TCP:*:Enabled:Squeezebox Server 9090 tcp (UI)
"3483:UDP" = 3483:UDP:*:Enabled:Squeezebox Server 3483 udp
"3483:TCP" = 3483:TCP:*:Enabled:Squeezebox Server 3483 tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe" = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12ADF502-36EC-493A-81AE-2D7CE6A4B07B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{26434F26-0AC3-4CE9-A3E2-7DAC6CE702D2}" = lport=5353 | protocol=17 | dir=in | name=mdns-sd/bonjour |
"{37D456FE-E846-414E-8D11-754EFC6E8342}" = lport=7288 | protocol=6 | dir=in | name=tivo hme host: port %d |
"{93275D02-B0D4-4A6A-8946-0C1329A604C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{BC395628-FFD1-4E4F-930E-F3ECD6AB2C69}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{E7565421-3F6E-4A02-9520-ACE22D76EDC9}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{040FF0AE-0238-4823-BFC6-145BD949EA84}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe |
"{0AF18D5D-8FFC-4FF4-9070-8AC70048CB8B}" = protocol=17 | dir=in | app=c:\program files\tivo\desktop\tivodiag.exe |
"{1055693D-ACBE-4603-9C98-DD80BD04788C}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{12ECA5EB-CAAC-4276-BCB2-2D74DF6B00B2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1495BDA2-2A26-4D68-BEEF-C218AB6DC8DC}" = protocol=17 | dir=in | app=c:\program files\tivo\desktop\tivobeacon.exe |
"{1C1C63A9-B63A-4688-B907-751EC5102FD3}" = protocol=17 | dir=in | app=c:\program files\tivo\desktop\tivoserver.exe |
"{2419FE48-3658-4219-A4DD-C51B7C61513C}" = protocol=6 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{2429C65D-35CB-44EE-93F5-D3352B6BB114}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe |
"{2563251D-A1CF-4B77-BE34-85870EE34706}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe |
"{2ECC5AD8-4F6C-46B8-9408-C5FD99D110C8}" = protocol=17 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{2FEB364F-7512-4489-A23C-3C7C8E6F400C}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe |
"{321E6356-2C57-4684-92DD-6D814AD181B9}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{48B9C2AE-FDF7-4EF4-A5ED-D2CB30145E84}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{50C969ED-0339-4871-876F-FE1F54E3EBC9}" = protocol=6 | dir=in | app=c:\program files\tivo\desktop\tivoserver.exe |
"{50D49BA5-C35E-4BB3-92AB-5B89039F79B9}" = protocol=17 | dir=in | app=c:\program files\tivo\desktop\tivotransfer.exe |
"{52A376B2-B6BF-44AE-ADAC-9496F7E71796}" = protocol=17 | dir=in | app=c:\program files\aim\aim.exe |
"{59FEEE42-4D80-4AE3-A7CD-9A051ED7E513}" = protocol=17 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{5B60AA18-C181-47DE-BCA1-1831C4DEDA45}" = protocol=17 | dir=in | app=c:\program files\tivo\desktop\tivodesktop.exe |
"{5B8FA1A2-CE30-4ACD-8C62-CE536BE93237}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxaiox.exe |
"{5C977D25-F380-4F21-B8C7-0B4E6A04CC6F}" = protocol=6 | dir=in | app=c:\program files\tivo\desktop\curl.exe |
"{678A4104-7873-46C0-9679-3E9020B119B2}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe |
"{707CB06F-B2A0-434A-B07F-EC15EAE2FB33}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe |
"{71783A39-2D76-43CA-85B6-D244FD9473BD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{77BF3EC1-FDB9-4CA9-9C5D-C0CAC0F0208B}" = protocol=6 | dir=in | app=c:\program files\aim\aim.exe |
"{82EA2FB1-DF1D-4901-8464-9AFE8C0D0DC0}" = protocol=6 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{87FF2F26-C9EB-4EC0-A803-74524ACF5C46}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe |
"{8BB23F0D-A7E7-43A2-9521-A9AED10A1AA7}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{90EDAD93-0DBD-420C-8728-869693C30628}" = protocol=6 | dir=in | app=c:\program files\tivo\desktop\tivotransfer.exe |
"{9289866D-5DEF-4B78-A391-D004BD6773F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{93AFBFD0-886A-4BFB-B516-86C3CAD0072B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{99875358-3352-4236-AA0F-8CE872B15F85}" = protocol=17 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{9CCBBD04-F228-4934-9FC0-1A61CC725353}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{A38AAF0C-95FB-4406-969C-B9B1AC11F822}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"{AD67A187-2E3D-42E5-AB2C-6BD6544A1725}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{AF9BFD5C-6F6F-4F3F-A97F-F09C9EE4D72C}" = protocol=6 | dir=in | app=c:\windows\system32\dlcxcoms.exe |
"{B110C6AD-5AE6-4D04-87BB-D121AF49B368}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{B2092BEE-4196-46B7-80DA-00E6EB07BDED}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{BB48E456-CE14-41B0-BF90-B97172291499}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C204501F-2ED7-4C32-B2F2-2A049209E728}" = protocol=6 | dir=in | app=c:\program files\mediamall\mediamallserver.exe |
"{C62A8A5F-FB6D-474B-9C42-289505B5BA15}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D37A4C12-B58F-4682-926C-7594B2AB4169}" = dir=in | app=c:\program files\squeezebox\server\squeezesvr.exe |
"{E07CB126-793F-4BB6-AF3C-AF2A38361280}" = protocol=6 | dir=in | app=c:\program files\tivo\desktop\tivobeacon.exe |
"{E20B1399-4A72-4BA0-AAF3-919212BE541F}" = protocol=6 | dir=in | app=c:\program files\tivo\desktop\tivodesktop.exe |
"{EAD428BD-2FB0-4ED3-B45C-D1BB0F967C0E}" = protocol=6 | dir=in | app=c:\program files\tivo\desktop\tivodiag.exe |
"{EF8349E2-ED15-4FED-8AAA-29CDFCE89125}" = protocol=17 | dir=in | app=c:\program files\dell photo aio printer 926\dlcxmon.exe |
"{F1FD4F72-701E-4C26-9934-FB8778F4E6C0}" = protocol=17 | dir=in | app=c:\program files\tivo\desktop\curl.exe |
"{F5460C5C-B35A-4033-B59D-B0217BE5FA2C}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{FEFD578F-B8AD-4BD7-90A2-5986F616A514}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"TCP Query User{3F7B9753-FB86-49A4-A413-4FCC5E4D0159}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"TCP Query User{737B1D16-7F74-46E3-AF7F-FABA032498B2}C:\program files\quicktime\quicktimeplayer.exe" = protocol=6 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"TCP Query User{825208D3-E34D-4375-AF2D-E1505E540B4C}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{9AF5E2DF-FADF-4CB2-A339-A9DCD533751F}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{C846BC2E-B109-47DB-A4E0-063C770D12AA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{F9407450-9F07-44FF-A224-ABB1AF897520}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{40403F0C-76CE-4581-9BC3-063641226225}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{70C28D2A-AC55-498A-92C9-E6B539908B5B}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BFC3B49C-FB62-4EEA-A10C-BAA0495A9E70}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{C4912CCF-6368-45E6-A69C-580754E3FE39}C:\program files\quicktime\quicktimeplayer.exe" = protocol=17 | dir=in | app=c:\program files\quicktime\quicktimeplayer.exe |
"UDP Query User{CBAAFF45-C442-4387-B0F0-B1B0F5F26CC6}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{CD162061-EF48-423A-A005-02BE3384E30E}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
"{02EBDBB9-4600-41D3-B566-40CB861511D2}" = World of Warcraft FREE Trial
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{082C8591-A04B-C51B-99C1-729A9765C559}" = CCC Help English
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0C49AFCF-4EEC-F150-3748-56906B26116D}" = Catalyst Control Center Graphics Full Existing
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{18778440-FBC2-7845-5D75-2E3FB2901CA3}" = Catalyst Control Center Core Implementation
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2160868F-58F6-7B2D-03A3-89A3582AEA1C}" = Skins
"{241B2E61-3D6D-4275-837A-ECE6E596BF6B}" = PlayOn
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 27
"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel(R) Viiv(TM) Software
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2F40F38E-0AB7-4C67-A672-03505A7F44BF}" = BIAS SoundSaver for INport
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{38F48AED-66D8-464C-993E-C7296C7A199B}" = Intel(R) IPP Run-Time Installer 5.2 for Windows* on IA-32
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CCBC9FF-7F35-4220-B66D-B60E2E7AB4E2}" = OpenOffice.org 2.2
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{3F11A4D1-FAEC-E1FD-5D35-25C94EC33D46}" = ccc-core-static
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4E839090-3B68-436A-B3CF-A2A08C38DD26}" = TiVo Desktop 2.8.2
"{508D251A-9378-C840-90A0-563C649BC749}" = Catalyst Control Center Graphics Previews Vista
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{560BEED8-69A3-0471-FFAE-9BA8AC58B61A}" = ccc-utility
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{580D6A69-F3F7-CB21-A5F5-3451A38CA1C2}" = Catalyst Control Center InstallProxy
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62E965A8-25BB-2C3C-D9D5-D73CF4CC55AB}" = Catalyst Control Center HydraVision Full
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{68D1CBD5-899D-037D-FC17-191811C44EA5}" = ATI Catalyst Install Manager
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7528F5C4-1707-A9D6-4564-F2D5C64FA3A6}" = Catalyst Control Center Graphics Light
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8F931595-5561-4E26-AC78-7E9B1E3E9C98}" = WeatherBug
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{97959329-F1E9-2D17-E910-253C05B00C6E}" = Catalyst Control Center Graphics Full New
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A402B569-BA69-8849-1DFC-6D4CE9F4EDA5}" = Catalyst Control Center Graphics Previews Common
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CCFF1E13-77A2-4032-8B12-7566982A27DF}" = Internet Service Offers Launcher
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D3B1C799-CB73-42DE-BA0F-2344793A095C}" = Catalyst Control Center - Branding
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"CCleaner" = CCleaner
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Dell PC Fax" = Dell PC Fax
"Dell Photo AIO Printer 926" = Dell Photo AIO Printer 926
"Dell Support Center" = Dell Support Center
"Intel(R) Configuration Center" = Intel(R) Viiv(TM) Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"NIS" = Norton Internet Security
"PhotoScape" = PhotoScape
"RealPlayer 6.0" = RealPlayer
"Rhapsody" = Rhapsody
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Sony MusicSync" = Sony Music Sync
"Squeezebox Server_is1" = Squeezebox Server 7.6.0
"Switch" = Switch Sound File Converter
"ViewpointMediaPlayer" = Viewpoint Media Player
"WinGimp-2.0_is1" = GIMP 2.6.10
"WinPatrol" = WinPatrol 2009

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

Results of screen317's Security Check version 0.99.30
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
[u]Antivirus/Firewall Check:[/u]

Windows Firewall Disabled!
Norton Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
[u]Anti-malware/Other Utilities Check:[/u]

WinPatrol 2009 [color=red](Outdated! Latest version is WinPatrol 2011)[/color]
SUPERAntiSpyware
CCleaner
Java(TM) 6 Update 27
Java(TM) SE Runtime Environment 6
[color=red]Java version out of date![/color]
Adobe Flash Player 11.1.102.55
Adobe Reader 8 [color=red]Adobe Reader out of date![/color]
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
[u]objlist.exe by Laurent[/u]

Norton ccSvcHst.exe
[color=red]WinPatrol winpatrol.exe is disabled![/color]
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
MediaMall MediaMallServer.exe
MediaMall PlayOn.exe
``````````End of Log````````````

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2396ef9d871c9449a921ee6172208edb
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-29 05:37:35
# local_time=2011-12-29 11:37:35 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=768 16777215 100 0 46380839 46380839 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=3588 16777214 85 70 0 18560419 0 0
# compatibility_mode=5892 16776574 100 100 46520587 161783941 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=159718
# found=0
# cleaned=0
# scan_time=3842
--
NEVER forget 9/11-01



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
Reviews:
·Comcast

reply to yragha
The logs are all clean. Cleanup instructions are in the next post.

Make sure your new password is strong:
»www.microsoft.com/security/onlin···ate.aspx

Also, some info on ways passwords are compromised:
»www.filterjoe.com/2010/05/14/how···sswords/

Some basic suggestions:
1. Keep your email password unique for each email account you have.
2. Never enter your email password anywhere except your email client (if you use one) and the email website for webmail (Hotmail, Gmail, etc.).
3. Periodically change your password.
4. Consider using a password manager to create and store your passwords. LastPass and KeePass are excellent, free password managers.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum



LoPhatPhuud
Premium,VIP,MVM
join:2002-01-06
Albuquerque, NM
kudos:23
Reviews:
·Comcast

reply to yragha
Cleaning Up:

Delete TFC:

  • Delete the TFC icon on your Desktop

Delete OTL:
  • Double click the OTL icon on your Desktop
  • Press the 'Cleanup' button

Delete Security Check:
  • Delete the SecurityCheck icon on your Desktop

Delete Malwarebytes:
  • We recommend that you keep Malwarebytes (MBAM) and run it every week. There is no charge to keep the program; however, the real-time protection will stop after the trial period. Be sure to update the definitions before each use. If you decide not to keep MBAM, use Add/Remove Programs to uninstall it.

Delete Sophos AntiRootkit:
  • If we asked you to run the Sophos AntiRootkit program, uninstall it through Add/Remove Programs.

Other Programs:
  • If we asked you to install any other programs that are not removed by the OTL cleanup procedure, we will provide separate removal instructions.

--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2011
Gladiator Security Forum

yragha
I'M Stuck In The 80's
Premium
join:2002-05-08
Pasadena, TX

reply to yragha
Thank you very much for your help!!!
--
NEVER forget 9/11-01

